Diffstat (limited to 'Misc/NEWS.d/next/Security')
7 files changed, 0 insertions, 30 deletions
diff --git a/Misc/NEWS.d/next/Security/0338.bpo-29591.ExKblw.rst b/Misc/NEWS.d/next/Security/0338.bpo-29591.ExKblw.rst deleted file mode 100644 index 7394ac2..0000000 --- a/Misc/NEWS.d/next/Security/0338.bpo-29591.ExKblw.rst +++ /dev/null @@ -1,5 +0,0 @@ -.. original section: Library - -Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and -CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more -information. diff --git a/Misc/NEWS.d/next/Security/0342.bpo-30500.1VG7R-.rst b/Misc/NEWS.d/next/Security/0342.bpo-30500.1VG7R-.rst deleted file mode 100644 index adf4645..0000000 --- a/Misc/NEWS.d/next/Security/0342.bpo-30500.1VG7R-.rst +++ /dev/null @@ -1,6 +0,0 @@ -.. original section: Library - -Fix urllib.parse.splithost() to correctly parse fragments. For example, -``splithost('//127.0.0.1#@evil.com/')`` now correctly returns the -``127.0.0.1`` host, instead of treating ``@evil.com`` as the host in an -authentification (``login@host``). diff --git a/Misc/NEWS.d/next/Security/0344.bpo-30694.WkMWM_.rst b/Misc/NEWS.d/next/Security/0344.bpo-30694.WkMWM_.rst deleted file mode 100644 index ebbd359..0000000 --- a/Misc/NEWS.d/next/Security/0344.bpo-30694.WkMWM_.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. original section: Library - -Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security -vulnerabilities including: CVE-2017-9233 (External entity infinite loop -DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix -regression bugs from 2.2.0's fix to CVE-2016-0718) and CVE-2012-0876 -(Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- -specific entropy sources like getrandom) doesn't impact Python, since Python -already gets entropy from the OS to set the expat secret using -``XML_SetHashSalt()``. diff --git a/Misc/NEWS.d/next/Security/0347.bpo-30730.rJsyTH.rst b/Misc/NEWS.d/next/Security/0347.bpo-30730.rJsyTH.rst deleted file mode 100644 index 008aa70..0000000 
--- a/Misc/NEWS.d/next/Security/0347.bpo-30730.rJsyTH.rst +++ /dev/null @@ -1,4 +0,0 @@ -.. original section: Library - -Prevent environment variables injection in subprocess on Windows. Prevent -passing other environment variables and command arguments. diff --git a/Misc/NEWS.d/next/Security/2017-08-16-16-35-59.bpo-30947.iNMmm4.rst b/Misc/NEWS.d/next/Security/2017-08-16-16-35-59.bpo-30947.iNMmm4.rst deleted file mode 100644 index 3caca9a7..0000000 --- a/Misc/NEWS.d/next/Security/2017-08-16-16-35-59.bpo-30947.iNMmm4.rst +++ /dev/null @@ -1,2 +0,0 @@ -Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security -fixes. diff --git a/Misc/NEWS.d/next/Security/2017-08-23-17-02-55.bpo-29505.BL6Yt8.rst b/Misc/NEWS.d/next/Security/2017-08-23-17-02-55.bpo-29505.BL6Yt8.rst deleted file mode 100644 index 9a0fb16..0000000 --- a/Misc/NEWS.d/next/Security/2017-08-23-17-02-55.bpo-29505.BL6Yt8.rst +++ /dev/null @@ -1 +0,0 @@ -Add fuzz tests for float(str), int(str), unicode(str); for oss-fuzz. diff --git a/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst b/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst deleted file mode 100644 index b9106a5..0000000 --- a/Misc/NEWS.d/next/Security/2017-09-05-15-26-30.bpo-29781.LwYtBP.rst +++ /dev/null @@ -1,2 +0,0 @@ -SSLObject.version() now correctly returns None when handshake over BIO has -not been performed yet. |
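Review bot: The 30 deleted lines have no matching insertions in this view, which is limited to Misc/NEWS.d/next/Security, so it is not visible here where the seven security entries end up. Please confirm that the same commit carries each entry into the release changelog with its bpo number and CVE identifiers intact (CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063, CVE-2012-0876, and the CVE-2016-5300 note), so the fixes stay traceable after these files are gone.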
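Review bot: In 0342.bpo-30500.1VG7R-.rst, "authentification" in the last line should read "authentication". If this text is being moved rather than dropped, fix the spelling at the destination. The entry would also be easier to follow if it stated that everything after `#` in `//127.0.0.1#@evil.com/` is the fragment, which is why `@evil.com` must not be read as the host part of ``login@host``.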
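Review bot: In 0344.bpo-30694.WkMWM_.rst, the wrap at "(Use os-" followed by "specific entropy sources" on the next line will render as "os- specific" once the lines are joined. Rewrap at the destination so "os-specific" stays on one line. The same entry lists CVE-2016-0718 again as a regression fix for the 2.2.0 change recorded in 0338.bpo-29591.ExKblw.rst, so keep the two entries together or cross-referenced when they are consolidated.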
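Review bot: The bpo-30947 entry (2017-08-16-16-35-59.bpo-30947.iNMmm4.rst) says only "to get security fixes" for the libexpat 2.2.1 to 2.2.3 upgrade, while the 2.2.0 and 2.2.1 entries name each CVE. When this text is carried over, list the specific issues fixed between 2.2.1 and 2.2.3 or link to the expat changelog, so a reader can tell whether the upgrade matters for their deployment. Similarly, the bpo-30730 entry's second sentence, "Prevent passing other environment variables and command arguments.", does not say what input is now rejected and would benefit from one concrete clause.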