| author | Ned Deily <nad@python.org> | 2023-06-05 20:40:12 (GMT) |
|---|---|---|
| committer | Ned Deily <nad@python.org> | 2023-06-05 20:45:13 (GMT) |
| commit | ecd9946c9d1df7cd1aa15d08d72bbcc0899d272d (patch) | |
| tree | 38f87d626b58799a9753747fe8fd25fa0dee2055 /Misc | |
| parent | 417ac32e7dba077a8a130aac38d2b8e4af9e9ae5 (diff) | |
| download | cpython-3.7.17.zip cpython-3.7.17.tar.gz cpython-3.7.17.tar.bz2 | |
Python 3.7.17 (v3.7.17)
Diffstat (limited to 'Misc')
10 files changed, 89 insertions, 19 deletions
diff --git a/Misc/NEWS.d/3.7.17.rst b/Misc/NEWS.d/3.7.17.rst new file mode 100644 index 0000000..201dff3 --- /dev/null +++ b/Misc/NEWS.d/3.7.17.rst 
@@ -0,0 +1,89 @@ +.. date: 2023-06-05-04-07-52 +.. gh-issue: 103142 +.. nonce: GLWDMX +.. release date: 2023-06-05 +.. section: Security + +The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u +to address several CVEs. + +.. + +.. date: 2023-05-02-17-56-32 +.. gh-issue: 99889 +.. nonce: l664SU +.. section: Security + +Fixed a security in flaw in :func:`uu.decode` that could allow for directory +traversal based on the input if no ``out_file`` was specified. + +.. + +.. date: 2023-05-01-15-03-25 +.. gh-issue: 104049 +.. nonce: b01Y3g +.. section: Security + +Do not expose the local on-disk location in directory indexes produced by +:class:`http.client.SimpleHTTPRequestHandler`. + +.. + +.. date: 2023-03-07-20-59-17 +.. gh-issue: 102153 +.. nonce: 14CLSZ +.. section: Security + +:func:`urllib.parse.urlsplit` now strips leading C0 control and space +characters following the specification for URLs defined by WHATWG in +response to CVE-2023-24329. Patch by Illia Volochii. + +.. + +.. date: 2023-02-08-22-03-04 +.. gh-issue: 101727 +.. nonce: 9P5eZz +.. section: Security + +Updated the OpenSSL version used in Windows and macOS binary release builds +to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per +`the OpenSSL 2023-02-07 security advisory +<https://www.openssl.org/news/secadv/20230207.txt>`_. + +.. + +.. date: 2023-01-24-16-12-00 +.. gh-issue: 101283 +.. nonce: 9tqu39 +.. section: Security + +:class:`subprocess.Popen` now uses a safer approach to find ``cmd.exe`` when +launching with ``shell=True``. Patch by Eryk Sun, based on a patch by Oleg +Iarygin. + +.. + +.. date: 2023-02-17-18-44-27 +.. gh-issue: 101997 +.. nonce: A6_blD +.. section: Library + +Upgrade pip wheel bundled with ensurepip (pip 23.0.1) + +.. + +.. date: 2023-02-27-18-55-32 +.. gh-issue: 102306 +.. nonce: bkokFL +.. section: Build + +Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK. + +.. + +.. date: 2023-01-09-23-03-57 +.. 
gh-issue: 100180 +.. nonce: b5phrg +.. section: Windows + +Update Windows installer to OpenSSL 1.1.1s diff --git a/Misc/NEWS.d/next/Build/2023-02-27-18-55-32.gh-issue-102306.bkokFL.rst b/Misc/NEWS.d/next/Build/2023-02-27-18-55-32.gh-issue-102306.bkokFL.rst deleted file mode 100644 index ba331a0..0000000 --- a/Misc/NEWS.d/next/Build/2023-02-27-18-55-32.gh-issue-102306.bkokFL.rst +++ /dev/null @@ -1 +0,0 @@ -Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK. diff --git a/Misc/NEWS.d/next/Library/2023-02-17-18-44-27.gh-issue-101997.A6_blD.rst b/Misc/NEWS.d/next/Library/2023-02-17-18-44-27.gh-issue-101997.A6_blD.rst deleted file mode 100644 index f9dfd46..0000000 --- a/Misc/NEWS.d/next/Library/2023-02-17-18-44-27.gh-issue-101997.A6_blD.rst +++ /dev/null @@ -1 +0,0 @@ -Upgrade pip wheel bundled with ensurepip (pip 23.0.1) diff --git a/Misc/NEWS.d/next/Security/2023-01-24-16-12-00.gh-issue-101283.9tqu39.rst b/Misc/NEWS.d/next/Security/2023-01-24-16-12-00.gh-issue-101283.9tqu39.rst deleted file mode 100644 index 0efdfa1..0000000 --- a/Misc/NEWS.d/next/Security/2023-01-24-16-12-00.gh-issue-101283.9tqu39.rst +++ /dev/null @@ -1,3 +0,0 @@ -:class:`subprocess.Popen` now uses a safer approach to find -``cmd.exe`` when launching with ``shell=True``. Patch by Eryk Sun, -based on a patch by Oleg Iarygin. diff --git a/Misc/NEWS.d/next/Security/2023-02-08-22-03-04.gh-issue-101727.9P5eZz.rst b/Misc/NEWS.d/next/Security/2023-02-08-22-03-04.gh-issue-101727.9P5eZz.rst deleted file mode 100644 index 43acc82..0000000 --- a/Misc/NEWS.d/next/Security/2023-02-08-22-03-04.gh-issue-101727.9P5eZz.rst +++ /dev/null @@ -1,4 +0,0 @@ -Updated the OpenSSL version used in Windows and macOS binary release builds -to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per -`the OpenSSL 2023-02-07 security advisory -<https://www.openssl.org/news/secadv/20230207.txt>`_. 
diff --git a/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst b/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst deleted file mode 100644 index e57ac4e..0000000 --- a/Misc/NEWS.d/next/Security/2023-03-07-20-59-17.gh-issue-102153.14CLSZ.rst +++ /dev/null @@ -1,3 +0,0 @@ -:func:`urllib.parse.urlsplit` now strips leading C0 control and space -characters following the specification for URLs defined by WHATWG in -response to CVE-2023-24329. Patch by Illia Volochii. diff --git a/Misc/NEWS.d/next/Security/2023-05-01-15-03-25.gh-issue-104049.b01Y3g.rst b/Misc/NEWS.d/next/Security/2023-05-01-15-03-25.gh-issue-104049.b01Y3g.rst deleted file mode 100644 index 969deb2..0000000 --- a/Misc/NEWS.d/next/Security/2023-05-01-15-03-25.gh-issue-104049.b01Y3g.rst +++ /dev/null @@ -1,2 +0,0 @@ -Do not expose the local on-disk location in directory indexes -produced by :class:`http.client.SimpleHTTPRequestHandler`. diff --git a/Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst b/Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst deleted file mode 100644 index b7002e8..0000000 --- a/Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst +++ /dev/null @@ -1,2 +0,0 @@ -Fixed a security in flaw in :func:`uu.decode` that could allow for -directory traversal based on the input if no ``out_file`` was specified. diff --git a/Misc/NEWS.d/next/Security/2023-06-05-04-07-52.gh-issue-103142.GLWDMX.rst b/Misc/NEWS.d/next/Security/2023-06-05-04-07-52.gh-issue-103142.GLWDMX.rst deleted file mode 100644 index 7e08368..0000000 --- a/Misc/NEWS.d/next/Security/2023-06-05-04-07-52.gh-issue-103142.GLWDMX.rst +++ /dev/null @@ -1,2 +0,0 @@ -The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u -to address several CVEs. 
diff --git a/Misc/NEWS.d/next/Windows/2023-01-09-23-03-57.gh-issue-100180.b5phrg.rst b/Misc/NEWS.d/next/Windows/2023-01-09-23-03-57.gh-issue-100180.b5phrg.rst deleted file mode 100644 index 5b0f425..0000000 --- a/Misc/NEWS.d/next/Windows/2023-01-09-23-03-57.gh-issue-100180.b5phrg.rst +++ /dev/null @@ -1 +0,0 @@ -Update Windows installer to OpenSSL 1.1.1s |
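Review bot: In the new Misc/NEWS.d/3.7.17.rst, the gh-issue 104049 entry references :class:`http.client.SimpleHTTPRequestHandler`, but SimpleHTTPRequestHandler is defined in http.server, so the cross-reference will not resolve and it points readers at the wrong module; suggest :class:`http.server.SimpleHTTPRequestHandler`. Two smaller points in the same hunk: the gh-issue 101727 entry lists the same identifier twice ("CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303"), so one of them is redundant or mistyped and should be checked against the linked OpenSSL 2023-02-07 advisory; and the gh-issue 99889 entry reads "Fixed a security in flaw in", which should be "Fixed a security flaw in". All three are carried over verbatim from the Misc/NEWS.d/next/Security/ files this commit deletes, so the wording predates the release commit rather than being introduced by it.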
