blob: a52d43f370a8954e2ae362173441bad5ccff7927 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
.. bpo: 39073
.. date: 2020-03-15-01-28-36
.. nonce: 6Szd3i
.. release date: 2020-06-17
.. section: Security
Disallow CR or LF in email.headerregistry.Address arguments to guard against
header injection attacks.
..
.. bpo: 38576
.. date: 2020-03-14-14-57-44
.. nonce: OowwQn
.. section: Security
Disallow control characters in hostnames in http.client, addressing
CVE-2019-18348. Such potentially malicious header injection URLs now cause a
InvalidURL to be raised.
..
.. bpo: 39503
.. date: 2020-01-30-16-15-29
.. nonce: B299Yq
.. section: Security
CVE-2020-8492: The :class:`~urllib.request.AbstractBasicAuthHandler` class
of the :mod:`urllib.request` module uses an inefficient regular expression
which can be exploited by an attacker to cause a denial of service. Fix the
regex to prevent the catastrophic backtracking. Vulnerability reported by
Ben Caller and Matt Schwager.
..
.. bpo: 39401
.. date: 2020-01-28-20-54-09
.. nonce: he7h_A
.. section: Security
Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on
Windows 7.
..
.. bpo: 39510
.. date: 2020-02-04-10-27-41
.. nonce: PMIh-f
.. section: Core and Builtins
Fix segfault in ``readinto()`` method on closed BufferedReader.
..
.. bpo: 39421
.. date: 2020-01-22-15-53-37
.. nonce: O3nG7u
.. section: Core and Builtins
Fix possible crashes when operating with the functions in the :mod:`heapq`
module and custom comparison operators.
..
.. bpo: 39503
.. date: 2020-03-25-16-02-16
.. nonce: YmMbYn
.. section: Library
:class:`~urllib.request.AbstractBasicAuthHandler` of :mod:`urllib.request`
now parses all WWW-Authenticate HTTP headers and accepts multiple challenges
per header: use the realm of the first Basic challenge.
|
GitWeb
