diff options
author | R David Murray <rdmurray@bitdance.com> | 2013-09-18 00:32:54 (GMT) |
---|---|---|
committer | R David Murray <rdmurray@bitdance.com> | 2013-09-18 00:32:54 (GMT) |
commit | 8270a2c209836c49fb2909c3af6117c46439b86e (patch) | |
tree | 76f71c56f744f5aa050cf07b6f326029c6ce7097 /Misc | |
parent | 945a251e4ab8b4ebbb77604a64fa9b53b725ec6c (diff) | |
parent | 104aab956f6de4131cab800f742cc108f9f92edf (diff) | |
download | cpython-8270a2c209836c49fb2909c3af6117c46439b86e.zip cpython-8270a2c209836c49fb2909c3af6117c46439b86e.tar.gz cpython-8270a2c209836c49fb2909c3af6117c46439b86e.tar.bz2 |
Merge #14984: On POSIX, enforce permissions when reading default .netrc.
Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -10,6 +10,12 @@ What's New in Python 3.2.6? Library ------- +- Issue #14984: On POSIX systems, when netrc is called without a filename + argument (and therefore is reading the user's $HOME/.netrc file), it now + enforces the same security rules as typical ftp clients: the .netrc file must + be owned by the user that owns the process and must not be readable by any + other user. + - Fix tkinter regression introduced by the security fix in issue #16248. - Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of |