[3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)
CVE-2018-1000807: Use-after-free in X509 object handling
Python Cryptographic Authority pyopenssl version before 17.5.0 has a
in X509 object handling. This can result in a denial of service or potentially even code execution.
#12 (closed) StoreCVE-2018-1000808: Failure to release memory before removing last reference in PKCS
Python Cryptographic Authority pyopenssl version before 17.5.0 fails to
release memory before removing last reference
in PKCS #12 (closed) Store. This can result in a Denial of service if memory runs low or is exhausted.
(from redmine: issue id 9867, created on 2019-01-18, closed on 2019-01-18)
- parent #9865 (closed)
- Revision 2b8672c5 by Natanael Copa on 2019-01-18T16:20:56Z:
main/py-openssl: security upgrade to 17.5.0 CVE-2018-1000807, CVE-2018-1000808 fixes #9867