FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- NULL pointer dereference vulnerability

Affected packages
python27 < 2.7.16
python35 < 3.5.7
python36 < 3.6.8_1
python37 < 3.7.3

Details

VuXML ID d74371d2-4fee-11e9-a5cd-1df8a848de3d
Discovery 2019-01-15
Entry 2019-03-26
Modified 2019-03-27

Python Changelog:

bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result in a segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.

References

CVE Name CVE-2019-5010
URL https://bugs.python.org/issue35746
URL https://docs.python.org/3.7/whatsnew/changelog.html