author Ned Deily <nad@python.org> 2020-06-17 06:59:51 -0400
committer Ned Deily <nad@python.org> 2020-06-17 06:59:51 -0400
commit d384df407ebdbb1ab386597658f1ac78e8803afe
tree 59e4b77f405b2157f8e4d9ed0445f7901bfb4f5f /Misc/NEWS.d/next/Security
parent bpo-39073: validate Address parts to disallow CRLF (GH-19007) (#19224)
3.6.11rc1 (tag: v3.6.11rc1)
Diffstat (limited to 'Misc/NEWS.d/next/Security')
-rw-r--r-- Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 1
-rw-r--r-- Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst | 5
-rw-r--r-- Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst | 1
-rw-r--r-- Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst | 1
4 files changed, 0 insertions, 8 deletions
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
deleted file mode 100644
index 5071e126b70..00000000000
--- a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
+++ /dev/null
@@ -1 +0,0 @@
-Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7.
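Review bot: the single line of this entry says "unsafe load" without saying what makes the load of ``api-ms-win-core-path-l1-1-0.dll`` unsafe, so a reader on Windows 7 cannot judge exposure from it. If the text is carried into the release's consolidated NEWS file, add one clause naming the risk. This view is limited to Misc/NEWS.d/next/Security and shows 0 insertions, so also confirm the entry lands in the release NEWS file rather than being dropped.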
diff --git a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst b/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
deleted file mode 100644
index 9f2800581ca..00000000000
--- a/Misc/NEWS.d/next/Security/2020-01-30-16-15-29.bpo-39503.B299Yq.rst
+++ /dev/null
@@ -1,5 +0,0 @@
-CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class of the
-:mod:`urllib.request` module uses an inefficient regular expression which can
-be exploited by an attacker to cause a denial of service. Fix the regex to
-prevent the catastrophic backtracking. Vulnerability reported by Ben Caller
-and Matt Schwager.
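Review bot: the first sentence of this entry says the regular expression "can be exploited by an attacker" but never says which input reaches it, so users of :class:`~urllib.request.AbstractBasicAuthHandler` cannot tell from the entry whether their use is exposed. Suggest naming the input that is matched against the regex wherever this text ends up. The CVE id, the affected class and the reporter credit are all present and should be kept as they are.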
diff --git a/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst b/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst
deleted file mode 100644
index 34b8af28988..00000000000
--- a/Misc/NEWS.d/next/Security/2020-03-14-14-57-44.bpo-38576.OowwQn.rst
+++ /dev/null
@@ -1 +0,0 @@
-Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. \ No newline at end of file
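Review bot: this entry has three small defects on its single line: "a InvalidURL" should be "an InvalidURL", http.client and InvalidURL are plain text where the bpo-39503 entry uses :mod: and :class: roles, and the file has no newline at end of file. Suggest fixing the article, marking up both names, and ending the text with a newline before it is reused in the release notes.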
diff --git a/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst b/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst
deleted file mode 100644
index 6c9447b897b..00000000000
--- a/Misc/NEWS.d/next/Security/2020-03-15-01-28-36.bpo-39073.6Szd3i.rst
+++ /dev/null
@@ -1 +0,0 @@
-Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
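Review bot: the entry does not say what happens when an argument contains CR or LF, so callers cannot tell which exception to expect, unlike the bpo-38576 entry, which names InvalidURL. Suggest stating the raised exception, and writing email.headerregistry.Address with a :class: role to match the bpo-39503 entry.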