[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-05-10 Thread Ned Deily


Change by Ned Deily :


--
Removed message: https://bugs.python.org/msg342112

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-05-10 Thread Ned Deily


Ned Deily  added the comment:


New changeset 6c655ce34ae54adb8eef22b73108e22cc381cb8d by larryhastings (Victor 
Stinner) in branch '3.4':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868)
https://github.com/python/cpython/commit/6c655ce34ae54adb8eef22b73108e22cc381cb8d


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-03-12 Thread STINNER Victor


STINNER Victor  added the comment:

Yes, I close the issue.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-03-09 Thread Larry Hastings


Larry Hastings  added the comment:

Can we close this now?

--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-25 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset efec7631edf3b9480dc3988c97ffef94df8800da by larryhastings (Victor 
Stinner) in branch '3.5':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)
https://github.com/python/cpython/commit/efec7631edf3b9480dc3988c97ffef94df8800da


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-25 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 6c655ce34ae54adb8eef22b73108e22cc381cb8d by larryhastings (Victor 
Stinner) in branch '3.4':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868)
https://github.com/python/cpython/commit/6c655ce34ae54adb8eef22b73108e22cc381cb8d


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread Ned Deily


Ned Deily  added the comment:


New changeset 2a3af94b7e4d7851986043348128e312ddbb2451 by Ned Deily (Victor 
Stinner) in branch '3.6':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)
https://github.com/python/cpython/commit/2a3af94b7e4d7851986043348128e312ddbb2451


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


STINNER Victor  added the comment:


New changeset fe42122d41834746e841b5927154be041fb7afbb by Victor Stinner in 
branch '3.7':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864)
https://github.com/python/cpython/commit/fe42122d41834746e841b5927154be041fb7afbb


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11901




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


STINNER Victor  added the comment:


New changeset 826a8b708165796151ad4135b0ddbd79da6d39f1 by Victor Stinner in 
branch '2.7':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11866)
https://github.com/python/cpython/commit/826a8b708165796151ad4135b0ddbd79da6d39f1


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11900




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


STINNER Victor  added the comment:


New changeset 355f16fd4beb36d6a18f7d0982581c93de015c17 by Victor Stinner in 
branch 'master':
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11863)
https://github.com/python/cpython/commit/355f16fd4beb36d6a18f7d0982581c93de015c17


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11899




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11897




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11898




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-02-15 Thread STINNER Victor


Change by STINNER Victor :


--
pull_requests: +11896




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-21 Thread STINNER Victor


STINNER Victor  added the comment:

Does someone work on backporting the fix to 3.4 and 3.5 branches?

Note: I added the vulnerability to:
https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html

--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-16 Thread Christian Heimes

Christian Heimes  added the comment:

The bug is less critical and harder to exploit than I initially thought. tl;dr 
if you have cert validation enabled and only trust public root CAs from CA/B 
forum, then you are not affected.

The bug is only exploitable under two conditions:
1) The user has disabled TLS/SSL certificate validation *and* calls 
getpeercert() in 3rd party code.
2) Or the user trusts a CA that does not properly validate end-entity 
certificates.

When cert validation is enabled, the ssl module will refuse any untrusted 
certificate during the handshake. The SSLSocket.getpeercert() and 
SSLObject.getpeercert() methods raise an exception when the handshake was not 
successful. Python 2.7 - 3.6 hostname verification code only calls 
getpeercert() after the cert chain was validated successfully. Python 3.7+ no 
longer calls getpeercert() for hostname verification. Furthermore, hostname 
verification can't be enabled when cert validation is disabled.

For publicly trusted CAs governed by CA/B baseline requirements, CRL DPs must 
be valid URI general names with HTTP links. From CA/Browser Forum Baseline 
Requirements Version 1.6.2, December 10, 2018, section 7.1.2.3. Subscriber 
Certificate:

b. cRLDistributionPoints
This extension MAY be present. If present, it MUST NOT be marked critical, and 
it MUST contain the HTTP URL of the CA’s CRL service.

--
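
The two conditions in the comment above can be checked per SSLContext. The following is an added example, not part of the thread or of CPython's code; the function names are hypothetical and the contexts are constructed locally, with no network access.

```python
import ssl

def exposure(ctx):
    """Map an SSLContext to the precondition from the comment that it can meet."""
    if ctx.verify_mode == ssl.CERT_NONE:
        # Condition 1: validation is off; exposure then depends on whether
        # application or third-party code calls getpeercert().
        return "validation-disabled"
    # Validation is on: only condition 2 (quality of the trusted CAs) remains.
    return "validating"

def hostname_check_blocks_cert_none():
    """True if the ssl module refuses CERT_NONE while check_hostname is on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # check_hostname is on by default
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False

def harden(ctx):
    """Restore certificate validation and hostname checking in place."""
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx

def make_unverified_context():
    """Constructed sample: the kind of client context condition 1 describes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for name, ctx in [("default", ssl.create_default_context()),
                      ("unverified", make_unverified_context())]:
        print(name, exposure(ctx), "check_hostname=%s" % ctx.check_hostname)
    print("CERT_NONE refused while check_hostname is on:",
          hostname_check_blocks_cert_none())
```
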




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Ned Deily


Ned Deily  added the comment:


New changeset 216a4d83c3b72f4fdcd81b588dc3f42cc461739a by Ned Deily (Miss 
Islington (bot)) in branch '3.6':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a


--
nosy: +ned.deily




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


miss-islington  added the comment:


New changeset 06b15424b0dcacb1c551b2a36e739fffa8d0c595 by Miss Islington (bot) 
in branch '2.7':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread STINNER Victor


STINNER Victor  added the comment:

TALOS-2019-0758.txt: "Credit: Discovered by Colin Read and Nicolas Edet of 
Cisco."

Can we credit them somewhere? Maybe edit the NEWS entry to mention their name?

--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


miss-islington  added the comment:


New changeset be5de958e9052e322b0087c6dba81cdad0c3e031 by Miss Islington (bot) 
in branch '3.7':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031


--




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11242, 11243, 11244, 11245, 11246, 11247




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11242, 11243, 11244, 11245




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11241, 11242, 11243




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11242, 11243, 11244, 11245, 11247




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11241, 11242




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11242, 11243, 11244




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


Change by miss-islington :


--
pull_requests: +11241




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread miss-islington


miss-islington  added the comment:


New changeset a37f52436f9aa4b9292878b72f3ff1480e2606c3 by Miss Islington (bot) 
(Christian Heimes) in branch 'master':
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
https://github.com/python/cpython/commit/a37f52436f9aa4b9292878b72f3ff1480e2606c3


--
nosy: +miss-islington




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Larry Hastings


Larry Hastings  added the comment:

I can confirm this crashes a freshly-built interpreter from the current 3.5 and 
3.4 branches.

--
nosy: +larry




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Ned Deily


Change by Ned Deily :


Removed file: https://bugs.python.org/file48055/image001.png




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Ned Deily


Change by Ned Deily :


Removed file: https://bugs.python.org/file48054/image001.png




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes


Change by Christian Heimes :


Added file: https://bugs.python.org/file48053/TALOS-2019-0758 - POC.pem




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes


Change by Christian Heimes :


Added file: https://bugs.python.org/file48052/TALOS-2019-0758.txt




[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

2019-01-15 Thread STINNER Victor


Change by STINNER Victor :


--
title: TALOS-2018-0758 Denial of Service -> [ssl][CVE-2019-5010] 
TALOS-2018-0758 Denial of Service
