[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Change by Christian Heimes : -- keywords: +patch, patch, patch pull_requests: +11233, 11234, 11235 ___ Python tracker ___ ___ Python

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Change by Christian Heimes : -- keywords: +patch pull_requests: +11233 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Change by Christian Heimes : -- keywords: +patch, patch pull_requests: +11233, 11234 ___ Python tracker ___ ___ Python-bugs-list mai

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Christian Heimes added the comment: Please leave the bug open and don't remove files. It's too late. The bug report has been sent to mailing lists and RSS feeds already. Also you cannot remove any files from the bug tracker. Only admins are can do that. -- resolution: fixed -> stag

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread STINNER Victor
STINNER Victor added the comment: I close the bug just to hide it from the home page and default search result, to have more time to fix it (make the issue less visible). -- nosy: +vstinner resolution: -> fixed stage: needs patch -> resolved status: open -> closed __

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
Cisco Talos added the comment: The files are removed and will be reissued to PSIRT. Regina Wilson Analyst.Business Operations regiw...@cisco.com [cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5@vrt.sourcefire.com] On Jan 15, 2019, at 12:11 PM, Cisco Talos mailto:rep...@bu

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
Change by Cisco Talos : Removed file: https://bugs.python.org/file48053/TALOS-2019-0758 - POC.pem ___ Python tracker ___ ___ Python-bugs-lis

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
Change by Cisco Talos : Removed file: https://bugs.python.org/file48052/TALOS-2019-0758.txt ___ Python tracker ___ ___ Python-bugs-list mail

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Christian Heimes added the comment: I can confirm that CPython is affected. By the way PyCA cryptography handles the CRL DB just fine. >>> from cryptography import x509 >>> from cryptography.hazmat.backends import default_backend >>> with open("Lib/test/talos-2019-0758.pem", "rb") as f: ...

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
Cisco Talos added the comment: Thanks for acknowledging. We look forward to any updates/developments on the issue reported. For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. htt

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Christian Heimes
Christian Heimes added the comment: Thanks for the report! -- assignee: -> christian.heimes components: +SSL nosy: +christian.heimes stage: -> needs patch versions: +Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8 ___ Python tracker

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
Change by Cisco Talos : -- versions: -Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8 Added file: https://bugs.python.org/file48053/TALOS-2019-0758 - POC.pem ___ Python tracker ___

[issue35746] TALOS-2018-0758 Denial of Service

2019-01-15 Thread Cisco Talos
New submission from Cisco Talos : An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or