diff options
| author | Ned Deily <nad@python.org> | 2022-12-06 18:58:45 (GMT) |
|---|---|---|
| committer | Ned Deily <nad@python.org> | 2022-12-06 19:00:00 (GMT) |
| commit | 3f82aa744678620a811927dc4e56ad9c7c3d0c14 (patch) | |
| tree | 01cdee2a8e1eb7bf7c0c87120ea566559a1b6117 /Misc/NEWS.d/next | |
| parent | b5bdf6a90d0c2a9c12b671340f7776e233ef625a (diff) | |
| download | cpython-3.7.16.zip cpython-3.7.16.tar.gz cpython-3.7.16.tar.bz2 | |
Python 3.7.16v3.7.16
Diffstat (limited to 'Misc/NEWS.d/next')
5 files changed, 0 insertions, 18 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst deleted file mode 100644 index da81a1f..0000000 --- a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst +++ /dev/null @@ -1,4 +0,0 @@ -The deprecated mailcap module now refuses to inject unsafe text (filenames, -MIME types, parameters) into shell commands. Instead of using such text, it -will warn and act as if a match was not found (or for test commands, as if -the test failed). diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst deleted file mode 100644 index 2d23a6a..0000000 --- a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst +++ /dev/null @@ -1 +0,0 @@ -Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454). diff --git a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst b/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst deleted file mode 100644 index b63a54b..0000000 --- a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst +++ /dev/null @@ -1 +0,0 @@ -Update bundled libexpat to 2.5.0 diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst deleted file mode 100644 index 5185fac..0000000 --- a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst +++ /dev/null @@ -1,6 +0,0 @@ -The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` -related name resolution functions no longer involves a quadratic algorithm. -This prevents a potential CPU denial of service if an out-of-spec excessive -length hostname involving bidirectional characters were decoded. Some protocols -such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker -to supply such a name. diff --git a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst deleted file mode 100644 index a396e95..0000000 --- a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst +++ /dev/null @@ -1,6 +0,0 @@ -``python -m http.server`` no longer allows terminal control characters sent -within a garbage request to be printed to the stderr server log. - -This is done by changing the :mod:`http.server` :class:`BaseHTTPRequestHandler` -``.log_message`` method to replace control characters with a ``\xHH`` hex escape -before printing. |