diff options
| author | Łukasz Langa <lukasz@langa.pl> | 2024-09-06 20:41:55 (GMT) |
|---|---|---|
| committer | Łukasz Langa <lukasz@langa.pl> | 2024-09-06 20:41:55 (GMT) |
| commit | 39b2f82717a69dde7212bc39b673b0f55c99e6a3 (patch) | |
| tree | 48ec47957a5670381ca155c5030e2e2226f211be /Misc/NEWS.d/next/Security | |
| parent | 4d069d5b1170b9d82013ab824ff5d6cf28964d97 (diff) | |
| download | cpython-3.8.zip cpython-3.8.tar.gz cpython-3.8.tar.bz2 | |
Diffstat (limited to 'Misc/NEWS.d/next/Security')
7 files changed, 0 insertions, 20 deletions
diff --git a/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst b/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst deleted file mode 100644 index 12a4194..0000000 --- a/Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst +++ /dev/null @@ -1 +0,0 @@ -Update bundled libexpat to 2.6.2 diff --git a/Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst b/Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst deleted file mode 100644 index b4f9fe6..0000000 --- a/Misc/NEWS.d/next/Security/2024-04-19-11-21-13.gh-issue-114572.t1QMQD.rst +++ /dev/null @@ -1,4 +0,0 @@ -:meth:`ssl.SSLContext.cert_store_stats` and -:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the -certificate store, when the :class:`ssl.SSLContext` is shared across -multiple threads. diff --git a/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst b/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst deleted file mode 100644 index a28a4e5..0000000 --- a/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst +++ /dev/null @@ -1,4 +0,0 @@ -:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict -the new directory to the current user. This fixes CVE-2024-4030 -affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary -directory is more permissive than the default. diff --git a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst b/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst deleted file mode 100644 index 81f918b..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst +++ /dev/null @@ -1,2 +0,0 @@ -Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and -GNU sparse headers. diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst deleted file mode 100644 index 3544eb3..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst +++ /dev/null @@ -1,5 +0,0 @@ -Authenticate the socket connection for the ``socket.socketpair()`` fallback -on platforms where ``AF_UNIX`` is not available like Windows. - -Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie -<el@horse64.org> diff --git a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst b/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst deleted file mode 100644 index ff4614b..0000000 --- a/Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fixed missing audit events around interactive use of Python, now also -properly firing for ``python -i``, as well as for ``python -m asyncio``. The -event in question is ``cpython.run_stdin``. diff --git a/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst b/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst deleted file mode 100644 index b70f578..0000000 --- a/Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade libexpat to 2.6.3 |