mirror of https://github.com/python/cpython
73 lines
2.0 KiB
ReStructuredText
73 lines
2.0 KiB
ReStructuredText
.. bpo: 32551
|
|
.. date: 2018-01-16-16-05-37
|
|
.. nonce: U0z4W-
|
|
.. release date: 2018-01-23
|
|
.. section: Security
|
|
|
|
The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
|
|
by revealing an inconsistency in how sys.path is initialized when executing
|
|
``__main__`` from a zipfile, directory, or other import location. This is
|
|
considered a potential security issue, as it may lead to privileged
|
|
processes unexpectedly loading code from user controlled directories in
|
|
situations where that was not previously the case.
|
|
The interpreter now consistently avoids ever adding the import location's
|
|
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
|
|
are inadvertently modified when inserting the import location named on the
|
|
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
|
|
it was missed at the time that the then upcoming Python 3.5.4 release would
|
|
also be affected)
|
|
|
|
..
|
|
|
|
.. bpo: 30657
|
|
.. date: 2017-12-01-18-51-03
|
|
.. nonce: Fd8kId
|
|
.. section: Security
|
|
|
|
Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
|
|
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.
|
|
|
|
..
|
|
|
|
.. bpo: 30947
|
|
.. date: 2017-09-05-20-34-44
|
|
.. nonce: iNMmm4
|
|
.. section: Security
|
|
|
|
Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
|
|
fixes.
|
|
|
|
..
|
|
|
|
.. bpo: 31095
|
|
.. date: 2017-08-01-18-48-30
|
|
.. nonce: bXWZDb
|
|
.. section: Core and Builtins
|
|
|
|
Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
|
|
``PyObject_GC_UnTrack()``.
|
|
|
|
..
|
|
|
|
.. bpo: 32072
|
|
.. date: 2017-11-18-21-13-52
|
|
.. nonce: nwDV8L
|
|
.. section: Library
|
|
|
|
Fixed issues with binary plists:
|
|
Fixed saving bytearrays.
|
|
Identical objects will be saved only once.
|
|
Equal references will be load as identical objects.
|
|
Added support for saving and loading recursive data structures.
|
|
|
|
..
|
|
|
|
.. bpo: 31170
|
|
.. date: 2017-09-05-20-35-21
|
|
.. nonce: QGmJ1t
|
|
.. section: Library
|
|
|
|
expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
|
|
characters for UTF-8 input (libexpat bug 115):
|
|
https://github.com/libexpat/libexpat/issues/115
|