Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/Misc/NEWS.d/next/Security
Commit message (Expand)AuthorAgeFilesLines
* [3.6] bpo-42967: only use '&' as a query string separator (GH-24297) (GH-24532)Senthil Kumaran2021-02-151-0/+1
* [3.6] closes bpo-42938: Replace snprintf with Python unicode formatting in ct...Benjamin Peterson2021-01-181-0/+2
* bpo-40791: Make compare_digest more constant-time. (GH-23438) (GH-23767)Miss Islington (bot)2020-12-141-0/+1
* [3.6] bpo-42103: Improve validation of Plist files. (GH-22882) (GH-23118)Serhiy Storchaka2020-11-101-0/+2
* bpo-42051: Reject XML entity declarations in plist files (GH-22760) (GH-22801...Miss Skeleton (bot)2020-10-201-0/+3
* 3.6.12v3.6.12Ned Deily2020-08-153-5/+0
* bpo-39603: Prevent header injection in http methods (GH-18485) (GH-21539)Miss Islington (bot)2020-07-191-0/+2
* [3.6] bpo-29778: Ensure python3.dll is loaded from correct locations when Pyt...Steve Dower2020-07-061-0/+2
* [3.6] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface ...Tapas Kundu2020-06-301-0/+1
* 3.6.11rc1v3.6.11rc1Ned Deily2020-06-174-8/+0
* bpo-39073: validate Address parts to disallow CRLF (GH-19007) (#19224)Miss Islington (bot)2020-05-271-0/+1
* bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)Victor Stinner2020-04-021-0/+5
* bpo-38576: Disallow control characters in hostnames in http.client (GH-18995)...Miss Islington (bot)2020-03-141-0/+1
* [3.6] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231) (G...Steve Dower2020-01-301-0/+1
* 3.6.10rc1v3.6.10rc1Ned Deily2019-12-117-16/+0
* [3.6] bpo-37228: Fix loop.create_datagram_endpoint()'s usage of SO_REUSEADDR ...Kyle Stanley2019-12-111-0/+6
* bpo-38945: UU Encoding: Don't let newline in filename corrupt the output form...Miss Islington (bot)2019-12-021-0/+1
* bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17343)Miss Islington (bot)2019-11-221-0/+1
* bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441)Victor Stinner2019-09-281-0/+3
* [3.6] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16410)Benjamin Peterson2019-09-251-0/+2
* [3.6] bpo-37461: Fix typo (inifite -> infinite) (#15432)GeeTransit2019-08-241-1/+1
* bpo-34155: Dont parse domains containing @ (GH-13079) (GH-14826)Miss Islington (bot)2019-08-091-0/+1
* bpo-37461: Fix infinite loop in parsing of specially crafted email headers (G...Miss Islington (bot)2019-08-011-0/+2
* 3.6.9rc1v3.6.9rc1Ned Deily2019-06-187-18/+0
* bpo-33529, email: Fix infinite loop in email header encoding (GH-12020) (GH-1...Victor Stinner2019-06-171-0/+2
* bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13513)Victor Stinner2019-05-281-0/+3
* bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13155)Miro Hrončok2019-05-081-0/+1
* bpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-1...Miss Islington (bot)2019-05-021-0/+1
* [3.6] bpo-36216: Add check for characters in netloc that normalize to separat...Steve Dower2019-03-121-0/+3
* bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (G...Miss Islington (bot)2019-03-091-0/+4
* bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)Victor Stinner2019-02-161-1/+2
* bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)Miss Islington (bot)2019-01-151-0/+3
* 3.6.8rc1v3.6.8rc1Ned Deily2018-12-112-7/+0
* bpo-34812: subprocess._args_from_interpreter_flags(): add isolated (GH-10675)...Victor Stinner2018-11-231-0/+4
* bpo-34791: xml package obeys ignore env flags (GH-9544) (GH-9546)Miss Islington (bot)2018-10-201-0/+3
* 3.6.7rc1v3.6.7rc1Ned Deily2018-09-265-10/+0
* [3.6] bpo-17239: Disable external entities in SAX parser (GH-9217) (GH-9512)Christian Heimes2018-09-241-0/+3
* [3.6] bpo-34623: Mention CVE-2018-14647 in news entry (GH-9482) (GH-9489)Miss Islington (bot)2018-09-211-2/+2
* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)Miss Islington (bot)2018-09-181-0/+2
* bpo-32533: Fixed thread-safety of error handling in _ssl. (GH-7158)Steve Dower2018-09-171-0/+1
* bpo-34405: Updated to OpenSSL 1.0.2p for Windows builds. (GH-8776)Steve Dower2018-08-151-0/+1
* [3.6] bpo-33871: Fix os.sendfile(), os.writev(), os.readv(), etc. (GH-7931) (...Serhiy Storchaka2018-07-311-0/+3
* 3.6.5rc1v3.6.5rc1Ned Deily2018-03-132-5/+0
* [3.6] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (GH-5990)Steve Dower2018-03-051-0/+1
* [3.6] bpo-32981: Fix catastrophic backtracking vulns (GH-5955)Benjamin Peterson2018-03-031-0/+4
* Update pydoc topics and NEWS blurbs for 3.6.3rc1Ned Deily2017-09-182-4/+0
* [3.6] bpo-29781: Fix SSLObject.version before handshake (GH-3364) (#3381)Christian Heimes2017-09-061-0/+2
* bpo-30947: Update libexpat from 2.2.1 to 2.2.3 (#3106) (#3143)Victor Stinner2017-08-191-0/+2
* Add "Misc/NEWS.d" directory tree for "blurb". GH-2329larryhastings2017-06-221-0/+1