- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI).

commit: 82f88283171933127f20f866a7f98694b29cca56 [log] [tgz]
author: Barry Warsaw <barry@python.org> Fri Aug 23 13:26:49 2013 -0400
committer: Barry Warsaw <barry@python.org> Fri Aug 23 13:26:49 2013 -0400
tree: 85f872fa42b336a9f739035e25007978d777f9ba
parent: f880e5d5eaef3233fb1cd2f747c8f0ba59c7f086 [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index 2a865df..790dc58 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -16,6 +16,15 @@
 - Issue #16248: Disable code execution from the user's home directory by
   tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
 
+Extension Modules
+-----------------
+
+- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
+  inside subjectAltName correctly. Formerly the module has used OpenSSL's
+  GENERAL_NAME_print() function to get the string represention of ASN.1
+  strings for `rfc822Name` (email), `dNSName` (DNS) and 
+  `uniformResourceIdentifier` (URI).
+
 
 What's New in Python 2.6.8?
 ===========================
commit	82f88283171933127f20f866a7f98694b29cca56	[log] [tgz]
author	Barry Warsaw <barry@python.org>	Fri Aug 23 13:26:49 2013 -0400
committer	Barry Warsaw <barry@python.org>	Fri Aug 23 13:26:49 2013 -0400
tree	85f872fa42b336a9f739035e25007978d777f9ba
parent	f880e5d5eaef3233fb1cd2f747c8f0ba59c7f086 [diff] [blame]