summaryrefslogtreecommitdiffstats
path: root/Misc
diff options
context:
space:
mode:
authorNed Deily <nad@python.org>2021-02-16 01:30:33 (GMT)
committerNed Deily <nad@python.org>2021-02-16 01:30:33 (GMT)
commitaa73e1722eb9835dc99fd8983885a141112ee4ab (patch)
tree3688f4062c7376ee755afd5b266850c4b0d6e155 /Misc
parent5c17dfc5d70ce88be99bc5769b91ce79d7a90d61 (diff)
downloadcpython-3.6.13.zip
cpython-3.6.13.tar.gz
cpython-3.6.13.tar.bz2
3.6.13v3.6.13
Diffstat (limited to 'Misc')
-rw-r--r--Misc/NEWS.d/3.6.13.rst90
-rw-r--r--Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst3
-rw-r--r--Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst3
-rw-r--r--Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst3
-rw-r--r--Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst2
-rw-r--r--Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst2
-rw-r--r--Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst1
-rw-r--r--Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst1
-rw-r--r--Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst2
10 files changed, 90 insertions, 18 deletions
diff --git a/Misc/NEWS.d/3.6.13.rst b/Misc/NEWS.d/3.6.13.rst
new file mode 100644
index 0000000..2689897
--- /dev/null
+++ b/Misc/NEWS.d/3.6.13.rst
@@ -0,0 +1,90 @@
+.. bpo: 42967
+.. date: 2021-02-14-15-59-16
+.. nonce: YApqDS
+.. release date: 2021-02-15
+.. section: Security
+
+Fix web cache poisoning vulnerability by defaulting the query args separator
+to ``&``, and allowing the user to choose a custom separator.
+
+..
+
+.. bpo: 42938
+.. date: 2021-01-18-09-27-31
+.. nonce: 4Zn4Mp
+.. section: Security
+
+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
+:class:`ctypes.c_longdouble` values.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-19-30
+.. nonce: cILT66
+.. section: Security
+
+Prevented potential DoS attack via CPU and RAM exhaustion when processing
+malformed Apple Property List files in binary format.
+
+..
+
+.. bpo: 42051
+.. date: 2020-10-19-10-56-27
+.. nonce: EU_B7u
+.. section: Security
+
+The :mod:`plistlib` module no longer accepts entity declarations in XML
+plist files to avoid XML vulnerabilities. This should not affect users as
+entity declarations are not used in regular plist files.
+
+..
+
+.. bpo: 40791
+.. date: 2020-05-28-06-06-47
+.. nonce: QGZClX
+.. section: Security
+
+Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``,
+making constant-time-defeating optimizations less likely.
+
+..
+
+.. bpo: 35560
+.. date: 2018-12-22-22-19-51
+.. nonce: 9vMWSP
+.. section: Core and Builtins
+
+Fix an assertion error in :func:`format` in debug build for floating point
+formatting with "n" format, zero padding and small width. Release build is
+not impacted. Patch by Karthikeyan Singaravelan.
+
+..
+
+.. bpo: 42103
+.. date: 2020-10-23-19-20-14
+.. nonce: C5obK2
+.. section: Library
+
+:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now the
+only errors caused by loading malformed binary Plist file (previously
+ValueError and TypeError could be raised in some specific cases).
+
+..
+
+.. bpo: 42794
+.. date: 2021-01-01-08-52-36
+.. nonce: -7-XGz
+.. section: Tests
+
+Update test_nntplib to use offical group name of news.aioe.org for testing.
+Patch by Dong-hee Na.
+
+..
+
+.. bpo: 41944
+.. date: 2020-10-05-17-43-46
+.. nonce: rf1dYb
+.. section: Tests
+
+Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst b/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst
deleted file mode 100644
index 01458f1..0000000
--- a/Misc/NEWS.d/next/Core and Builtins/2018-12-22-22-19-51.bpo-35560.9vMWSP.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-Fix an assertion error in :func:`format` in debug build for floating point
-formatting with "n" format, zero padding and small width. Release build is
-not impacted. Patch by Karthikeyan Singaravelan.
diff --git a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst b/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst
deleted file mode 100644
index 4eb694c..0000000
--- a/Misc/NEWS.d/next/Library/2020-10-23-19-20-14.bpo-42103.C5obK2.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-:exc:`~plistlib.InvalidFileException` and :exc:`RecursionError` are now
-the only errors caused by loading malformed binary Plist file (previously
-ValueError and TypeError could be raised in some specific cases).
diff --git a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst b/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst
deleted file mode 100644
index 69b9de1..0000000
--- a/Misc/NEWS.d/next/Security/2020-05-28-06-06-47.bpo-40791.QGZClX.rst
+++ /dev/null
@@ -1 +0,0 @@
-Add ``volatile`` to the accumulator variable in ``hmac.compare_digest``, making constant-time-defeating optimizations less likely. \ No newline at end of file
diff --git a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst b/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst
deleted file mode 100644
index e865ed1..0000000
--- a/Misc/NEWS.d/next/Security/2020-10-19-10-56-27.bpo-42051.EU_B7u.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-The :mod:`plistlib` module no longer accepts entity declarations in XML
-plist files to avoid XML vulnerabilities. This should not affect users as
-entity declarations are not used in regular plist files.
diff --git a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst b/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst
deleted file mode 100644
index 15d7b65..0000000
--- a/Misc/NEWS.d/next/Security/2020-10-23-19-19-30.bpo-42103.cILT66.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Prevented potential DoS attack via CPU and RAM exhaustion when processing
-malformed Apple Property List files in binary format.
diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
deleted file mode 100644
index 7df65a1..0000000
--- a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Avoid static buffers when computing the repr of :class:`ctypes.c_double` and
-:class:`ctypes.c_longdouble` values.
diff --git a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst b/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
deleted file mode 100644
index f08489b..0000000
--- a/Misc/NEWS.d/next/Security/2021-02-14-15-59-16.bpo-42967.YApqDS.rst
+++ /dev/null
@@ -1 +0,0 @@
-Fix web cache poisoning vulnerability by defaulting the query args separator to ``&``, and allowing the user to choose a custom separator.
diff --git a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst b/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
deleted file mode 100644
index 4f9782f..0000000
--- a/Misc/NEWS.d/next/Tests/2020-10-05-17-43-46.bpo-41944.rf1dYb.rst
+++ /dev/null
@@ -1 +0,0 @@
-Tests for CJK codecs no longer call ``eval()`` on content received via HTTP.
diff --git a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst b/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst
deleted file mode 100644
index 577f225..0000000
--- a/Misc/NEWS.d/next/Tests/2021-01-01-08-52-36.bpo-42794.-7-XGz.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Update test_nntplib to use offical group name of news.aioe.org for testing.
-Patch by Dong-hee Na.
generated by cgit v0.12 at 2025-12-29 16:44:05 (GMT)