From: Victor Stinner <vstinner@redhat.com>
Date: Fri, 15 Feb 2019 11:25:47 +0000 (+0100)
Subject: bpo-35746: Credit Colin Read and Nicolas Edet (GH-11863)
X-Git-Tag: v3.8.0a2~71
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=355f16fd4beb36d6a18f7d0982581c93de015c17;p=thirdparty%2FPython%2Fcpython.git

bpo-35746: Credit Colin Read and Nicolas Edet (GH-11863)

Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.
---

diff --git a/Misc/NEWS.d/3.8.0a1.rst b/Misc/NEWS.d/3.8.0a1.rst
index d8c8f9fe4002..b838965b69f2 100644
--- a/Misc/NEWS.d/3.8.0a1.rst
+++ b/Misc/NEWS.d/3.8.0a1.rst
@@ -6,7 +6,8 @@
 
 [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
 not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault.
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
 
 ..