.. bpo: 32551
.. date: 2018-01-16-16-05-37
.. nonce: U0z4W-
.. release date: 2018-01-23
.. section: Security

The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
by revealing an inconsistency in how ``sys.path`` is initialized when executing
``__main__`` from a zipfile, directory, or other import location. This is
considered a potential security issue, as it may lead to privileged
processes unexpectedly loading code from user-controlled directories in
situations where that was not previously the case.

The interpreter now consistently avoids ever adding the import location's
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
are inadvertently modified when inserting the import location named on the
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
it was missed at the time that the then upcoming Python 3.5.4 release would
also be affected.)
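
A regression check for the behaviour described above, as an added example that is not part of CPython's own NEWS file or test suite: it executes a constructed ``__main__.py`` from a directory and from a zipfile and reports whether ``sys.path[0]`` is the import location and whether the parent directory ended up on ``sys.path``. The helper names ``child_sys_path`` and ``check_import_location`` and the ``app`` / ``app.zip`` targets are assumptions made for this example.

```python
import json
import os
import subprocess
import sys
import tempfile
import zipfile

# Constructed __main__ module: the child reports its own sys.path as JSON.
MAIN_SRC = "import json, sys\nprint(json.dumps(sys.path))\n"


def child_sys_path(target):
    """Run `python <target>` and return the sys.path the child observed."""
    out = subprocess.run(
        # -E / -s: ignore PYTHON* environment variables and the user site dir,
        # so only the interpreter's own initialization is measured.
        [sys.executable, "-E", "-s", target],
        check=True, capture_output=True, text=True,
    ).stdout
    return [os.path.realpath(p) for p in json.loads(out)]


def check_import_location(kind):
    """Build a directory or zipfile holding __main__.py, execute it, and return
    (sys.path[0] is the import location, parent directory is on sys.path)."""
    with tempfile.TemporaryDirectory() as tmp:
        parent = os.path.realpath(tmp)  # stands in for a user-controlled directory
        if kind == "directory":
            target = os.path.join(parent, "app")
            os.mkdir(target)
            with open(os.path.join(target, "__main__.py"), "w") as fh:
                fh.write(MAIN_SRC)
        else:
            target = os.path.join(parent, "app.zip")
            with zipfile.ZipFile(target, "w") as zf:
                zf.writestr("__main__.py", MAIN_SRC)
        path = child_sys_path(target)
        return path[0] == target, parent in path


if __name__ == "__main__":
    for kind in ("directory", "zipfile"):
        first_ok, parent_leaked = check_import_location(kind)
        print(f"{kind}: sys.path[0] is import location={first_ok}, "
              f"parent on sys.path={parent_leaked}")
```

On an interpreter that includes this fix, both cases report the import location as ``sys.path[0]`` and the parent directory absent from ``sys.path``.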

..

.. bpo: 30657
.. date: 2017-12-01-18-51-03
.. nonce: Fd8kId
.. section: Security

Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.

..

.. bpo: 30947
.. date: 2017-09-05-20-34-44
.. nonce: iNMmm4
.. section: Security

Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.

..

.. bpo: 31095
.. date: 2017-08-01-18-48-30
.. nonce: bXWZDb
.. section: Core and Builtins

Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
``PyObject_GC_UnTrack()``.

..

.. bpo: 32072
.. date: 2017-11-18-21-13-52
.. nonce: nwDV8L
.. section: Library

Fixed issues with binary plists:

* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.

..

.. bpo: 31170
.. date: 2017-09-05-20-35-21
.. nonce: QGmJ1t
.. section: Library

expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115