21 lines
726 B
Plaintext
21 lines
726 B
Plaintext
$NetBSD: patch-Misc_NEWS,v 1.1.2.2 2013/08/21 11:47:14 tron Exp $
|
|
|
|
patch for CVE-2013-4238 taken from
|
|
http://hg.python.org/cpython/rev/bd2360476bdb
|
|
|
|
--- Misc/NEWS.orig 2013-05-12 03:32:49.000000000 +0000
|
|
+++ Misc/NEWS
|
|
@@ -26,6 +26,12 @@ Core and Builtins
|
|
Library
|
|
-------
|
|
|
|
+- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
|
|
+ inside subjectAltName correctly. Formerly the module has used OpenSSL's
|
|
+ GENERAL_NAME_print() function to get the string represention of ASN.1
|
|
+ strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
|
|
+ ``uniformResourceIdentifier`` (URI).
|
|
+
|
|
- Issue #16601: Restarting iteration over tarfile no more continues from where
|
|
it left off. Patch by Michael Birtwell.
|
|
|