diff options
Diffstat (limited to 'Misc/NEWS.d/next/Security')
7 files changed, 0 insertions, 18 deletions
diff --git a/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst b/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst deleted file mode 100644 index d2eb8f1f35..0000000000 --- a/Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst +++ /dev/null @@ -1,4 +0,0 @@ -Don't send cookies of domain A without Domain attribute to domain B -when domain A is a suffix match of domain B while using a cookiejar -with :class:`http.cookiejar.DefaultCookiePolicy` policy. Patch by -Karthikeyan Singaravelan. diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst deleted file mode 100644 index fc703b9c24..0000000000 --- a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst +++ /dev/null @@ -1,4 +0,0 @@ -[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did -not handle CRL distribution points with empty DP or URI correctly. A -malicious or buggy certificate can result into segfault. Vulnerability -(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. diff --git a/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst b/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst deleted file mode 100644 index 84d16f5a56..0000000000 --- a/Misc/NEWS.d/next/Security/2019-02-24-18-48-16.bpo-33529.wpNNBD.rst +++ /dev/null @@ -1,2 +0,0 @@ -Prevent fold function used in email header encoding from entering infinite -loop when there are too many non-ASCII characters in a header. diff --git a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst b/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst deleted file mode 100644 index 5546394157..0000000000 --- a/Misc/NEWS.d/next/Security/2019-03-06-09-38-40.bpo-36216.6q1m4a.rst +++ /dev/null @@ -1,3 +0,0 @@ -Changes urlsplit() to raise ValueError when the URL contains characters that -decompose under IDNA encoding (NFKC-normalization) into characters that -affect how the URL is parsed. diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst deleted file mode 100644 index ed8027fb4d..0000000000 --- a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst +++ /dev/null @@ -1 +0,0 @@ -Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. diff --git a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst b/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst deleted file mode 100644 index d729ed2f3c..0000000000 --- a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst +++ /dev/null @@ -1 +0,0 @@ -Fixes mishandling of pre-normalization characters in urlsplit(). diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst deleted file mode 100644 index 37b567a5b6..0000000000 --- a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst +++ /dev/null @@ -1,3 +0,0 @@ -CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and -``local_file://`` URL schemes in ``URLopener().open()`` and -``URLopener().retrieve()`` of :mod:`urllib.request`. |