author | Łukasz Langa <lukasz@langa.pl> | 2019-02-03 13:02:52 (GMT) |
---|---|---|
committer | Łukasz Langa <lukasz@langa.pl> | 2019-02-03 13:02:52 (GMT) |
commit | 8efa3b69f669fcca8ebe0d046ae078e64d073bd2 (patch) | |
tree | 61a9393f6217b7240f2cf95fca7fe8f8bdc49663 /Misc/NEWS.d/next/Security | |
parent | f75d59e1a896115bd52f543a417c665d6edc331f (diff) | |
[blurb] v3.8.0a1
Diffstat (limited to 'Misc/NEWS.d/next/Security')
12 files changed, 0 insertions, 29 deletions
diff --git a/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst b/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst deleted file mode 100644 index 06528c9..0000000 --- a/Misc/NEWS.d/next/Security/2017-08-06-14-43-45.bpo-28414.mzZ6vD.rst +++ /dev/null @@ -1 +0,0 @@ -The ssl module now allows users to perform their own IDN en/decoding when using SNI. diff --git a/Misc/NEWS.d/next/Security/2018-03-02-10-24-52.bpo-32981.O_qDyj.rst b/Misc/NEWS.d/next/Security/2018-03-02-10-24-52.bpo-32981.O_qDyj.rst deleted file mode 100644 index 9ebabb4..0000000 --- a/Misc/NEWS.d/next/Security/2018-03-02-10-24-52.bpo-32981.O_qDyj.rst +++ /dev/null @@ -1,4 +0,0 @@ -Regexes in difflib and poplib were vulnerable to catastrophic backtracking. -These regexes formed potential DOS vectors (REDOS). They have been -refactored. This resolves CVE-2018-1060 and CVE-2018-1061. -Patch by Jamie Davis. diff --git a/Misc/NEWS.d/next/Security/2018-03-05-10-09-51.bpo-33001.elj4Aa.rst b/Misc/NEWS.d/next/Security/2018-03-05-10-09-51.bpo-33001.elj4Aa.rst deleted file mode 100644 index 2acbac9..0000000 --- a/Misc/NEWS.d/next/Security/2018-03-05-10-09-51.bpo-33001.elj4Aa.rst +++ /dev/null @@ -1 +0,0 @@ -Minimal fix to prevent buffer overrun in os.symlink on Windows diff --git a/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst b/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst deleted file mode 100644 index c350516..0000000 --- a/Misc/NEWS.d/next/Security/2018-03-25-12-05-43.bpo-33136.TzSN4x.rst +++ /dev/null @@ -1,3 +0,0 @@ -Harden ssl module against LibreSSL CVE-2018-8970. -X509_VERIFY_PARAM_set1_host() is called with an explicit namelen. A new test -ensures that NULL bytes are not allowed. diff --git a/Misc/NEWS.d/next/Security/2018-05-28-08-55-30.bpo-32533.IzwkBI.rst b/Misc/NEWS.d/next/Security/2018-05-28-08-55-30.bpo-32533.IzwkBI.rst deleted file mode 100644 index a364225..0000000 
--- a/Misc/NEWS.d/next/Security/2018-05-28-08-55-30.bpo-32533.IzwkBI.rst +++ /dev/null @@ -1 +0,0 @@ -Fixed thread-safety of error handling in _ssl. diff --git a/Misc/NEWS.d/next/Security/2018-06-26-19-35-33.bpo-33871.S4HR9n.rst b/Misc/NEWS.d/next/Security/2018-06-26-19-35-33.bpo-33871.S4HR9n.rst deleted file mode 100644 index 547342c..0000000 --- a/Misc/NEWS.d/next/Security/2018-06-26-19-35-33.bpo-33871.S4HR9n.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fixed sending the part of the file in :func:`os.sendfile` on macOS. Using -the *trailers* argument could cause sending more bytes from the input file -than was specified. diff --git a/Misc/NEWS.d/next/Security/2018-08-15-12-12-47.bpo-34405.qbHTH_.rst b/Misc/NEWS.d/next/Security/2018-08-15-12-12-47.bpo-34405.qbHTH_.rst deleted file mode 100644 index a3a006f..0000000 --- a/Misc/NEWS.d/next/Security/2018-08-15-12-12-47.bpo-34405.qbHTH_.rst +++ /dev/null @@ -1 +0,0 @@ -Updated to OpenSSL 1.1.0i for Windows builds. diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst deleted file mode 100644 index cbaa4b7..0000000 --- a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst +++ /dev/null @@ -1,2 +0,0 @@ -CVE-2018-14647: The C accelerated _elementtree module now initializes hash -randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG. diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst deleted file mode 100644 index 8dd0fe8..0000000 --- a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst +++ /dev/null @@ -1,3 +0,0 @@ -The xml.sax and xml.dom.minidom parsers no longer processes external -entities by default. External DTD and ENTITY declarations no longer -load files or create network connections. 
diff --git a/Misc/NEWS.d/next/Security/2018-09-24-18-49-25.bpo-34791.78GmIG.rst b/Misc/NEWS.d/next/Security/2018-09-24-18-49-25.bpo-34791.78GmIG.rst deleted file mode 100644 index afb59f8..0000000 --- a/Misc/NEWS.d/next/Security/2018-09-24-18-49-25.bpo-34791.78GmIG.rst +++ /dev/null @@ -1,3 +0,0 @@ -The xml.sax and xml.dom.domreg no longer use environment variables to -override parser implementations when sys.flags.ignore_environment is set by --E or -I arguments. diff --git a/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst b/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst deleted file mode 100644 index 860404f..0000000 --- a/Misc/NEWS.d/next/Security/2018-11-23-15-00-23.bpo-34812.84VQnb.rst +++ /dev/null @@ -1,4 +0,0 @@ -The :option:`-I` command line option (run Python in isolated mode) is now -also copied by the :mod:`multiprocessing` and :mod:`distutils` modules when -spawning child processes. Previously, only :option:`-E` and :option:`-s` options -(enabled by :option:`-I`) were copied. diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst deleted file mode 100644 index dffe347..0000000 --- a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst +++ /dev/null @@ -1,3 +0,0 @@ -[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did -not handle CRL distribution points with empty DP or URI correctly. A -malicious or buggy certificate can result into segfault. |
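Review bot: the first sentence of the removed 2018-09-11-18-30-55.bpo-17239.kOpwK2.rst entry has a subject-verb mismatch ("parsers no longer processes external"). If this text is carried into the consolidated release notes, it should read "no longer process external entities by default". The diffstat shown is limited to Misc/NEWS.d/next/Security, so the destination copy is not visible here and needs checking separately.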
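Review bot: the last sentence of the removed 2019-01-15-18-16-05.bpo-35746.nMSd0j.rst entry reads "can result into segfault", which should be "can result in a segfault". The same entry tags its CVE as "[CVE-2019-5010]", while the bpo-34623 entry uses "CVE-2018-14647:" and the bpo-32981 entry uses "This resolves CVE-2018-1060 and CVE-2018-1061". One CVE format across the Security entries would make the release notes easier to search.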
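Review bot: the single line of the removed 2018-03-05-10-09-51.bpo-33001.elj4Aa.rst entry ("Minimal fix to prevent buffer overrun in os.symlink on Windows") lacks a terminating period and does not say which argument or condition triggers the overrun, or what "Minimal" leaves unaddressed. A reader triaging the release cannot judge exposure from it. Suggest adding a clause naming the triggering condition and ending the sentence with a period.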
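Review bot: the opening sentence of the removed 2018-06-26-19-35-33.bpo-33871.S4HR9n.rst entry ("Fixed sending the part of the file in :func:`os.sendfile` on macOS") is hard to parse and hides the security-relevant effect, which only appears in the second sentence. Suggest leading with the effect, for example stating that :func:`os.sendfile` on macOS could send more bytes from the input file than specified when the *trailers* argument was used.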