| .. bpo: 35746 |
| .. date: 2019-01-15-18-16-05 |
| .. nonce: nMSd0j |
| .. release date: 2019-03-03 |
| .. section: Security |
| |
| [CVE-2019-5010] Fix a NULL pointer dereference in the ssl module. The cert |
| parser did not handle CRL distribution points with empty DP or URI |
| correctly. A malicious or buggy certificate can result in a segfault. |
| Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of |
| Cisco. |
| |
| .. |
| |
| .. bpo: 34791 |
| .. date: 2018-09-24-18-49-25 |
| .. nonce: 78GmIG |
| .. section: Security |
| |
| The xml.sax and xml.dom.domreg modules no longer use environment variables |
| to override parser implementations when sys.flags.ignore_environment is set |
| by the -E or -I arguments. |
| |
| .. |
| |
| .. bpo: 34623 |
| .. date: 2018-09-10-16-05-39 |
| .. nonce: Ua9jMv |
| .. section: Security |
| |
| CVE-2018-14647: The C-accelerated _elementtree module now initializes the |
| hash randomization salt from _Py_HashSecret instead of libexpat's default |
| CSPRNG. |
| |
| .. |
| |
| .. bpo: 33329 |
| .. date: 2018-04-23-13-21-39 |
| .. nonce: lQ-Eod |
| .. section: Library |
| |
| Fix a multiprocessing regression on newer glibc versions. |