author | Ned Deily <nad@python.org> | 2020-06-17 06:59:51 -0400 |
---|---|---|
committer | Ned Deily <nad@python.org> | 2020-06-17 06:59:51 -0400 |
commit | d384df407ebdbb1ab386597658f1ac78e8803afe (patch) | |
tree | 59e4b77f405b2157f8e4d9ed0445f7901bfb4f5f /Misc/NEWS.d/next/Security | |
parent | bpo-39073: validate Address parts to disallow CRLF (GH-19007) (#19224) (diff) | |
download | cpython-d384df407ebdbb1ab386597658f1ac78e8803afe.tar.gz cpython-d384df407ebdbb1ab386597658f1ac78e8803afe.tar.bz2 cpython-d384df407ebdbb1ab386597658f1ac78e8803afe.zip |
3.6.11rc1 (v3.6.11rc1)
Diffstat (limited to 'Misc/NEWS.d/next/Security')
4 files changed, 0 insertions, 8 deletions
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst deleted file mode 100644 index 5071e126b70..00000000000 --- a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst +++ /dev/null @@ -1 +0,0 @@ -Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7. diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst deleted file mode 100644 index 9f2800581ca..00000000000 --- a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst +++ /dev/null @@ -1,5 +0,0 @@ -CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the -:mod:`urllib.request` module uses an inefficient regular expression which can -be exploited by an attacker to cause a denial of service. Fix the regex to -prevent the catastrophic backtracking. Vulnerability reported by Ben Caller -and Matt Schwager. diff --git a/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst b/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst deleted file mode 100644 index 34b8af28988..00000000000 --- a/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst +++ /dev/null @@ -1 +0,0 @@ -Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.
\ No newline at end of file diff --git a/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst b/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst deleted file mode 100644 index 6c9447b897b..00000000000 --- a/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst +++ /dev/null @@ -1 +0,0 @@ -Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. |
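Review bot: The bpo-39401 fragment (first hunk) is deleted with no replacement visible here: the diffstat is limited to Misc/NEWS.d/next/Security and reports 0 insertions, 8 deletions. Before tagging, confirm that the sentence "Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7." appears unchanged in the consolidated NEWS for 3.6.11rc1. The same check applies to the other three deleted fragments, since two of them carry the only CVE references shown (CVE-2020-8492 and CVE-2019-18348).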
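Review bot: The bpo-38576 fragment (third hunk) has a grammar slip and a formatting gap that should be corrected in whatever copy of the entry survives this deletion. "now cause a InvalidURL to be raised" should read "an InvalidURL", and the file ends with "\ No newline at end of file", which risks the entry running into the next one when fragments are concatenated. It also names http.client and InvalidURL as plain text, while the bpo-39503 entry uses the :class: and :mod: roles; using the same roles here would keep the Security section consistent and cross-linked.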