bpo-30730: Prevent environment variables injection in subprocess on Windows. (#2325)

Prevent passing other invalid environment variables and command arguments.
author: Serhiy Storchaka <storchaka@gmail.com> 2017-06-23 16:39:27 (GMT)
committer: GitHub <noreply@github.com> 2017-06-23 16:39:27 (GMT)
commit: d174d24a5d37d1516b885dc7c82f71ecd5930700 (patch)
tree: d9fd67e5993b32d8b80c58099dd4a6aa0672722b /Misc/NEWS
parent: d352d689775699c289e011e8cec52c23c600b7fa (diff)
download: cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.zip
cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.gz
cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 33a1593..55e5bce 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -374,6 +374,9 @@ Extension Modules
 Library
 -------
 
+- [Security] bpo-30730: Prevent environment variables injection in subprocess on
+  Windows.  Prevent passing other environment variables and command arguments.
+
 - bpo-21071: struct.Struct.format type is now :class:`str` instead of
   :class:`bytes`.
author	Serhiy Storchaka <storchaka@gmail.com>	2017-06-23 16:39:27 (GMT)
committer	GitHub <noreply@github.com>	2017-06-23 16:39:27 (GMT)
commit	d174d24a5d37d1516b885dc7c82f71ecd5930700 (patch)
tree	d9fd67e5993b32d8b80c58099dd4a6aa0672722b /Misc/NEWS
parent	d352d689775699c289e011e8cec52c23c600b7fa (diff)
download	cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.zip cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.gz cpython-d174d24a5d37d1516b885dc7c82f71ecd5930700.tar.bz2