Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/Misc/NEWS.d/next
diff options
context:
space:
mode:
Diffstat (limited to 'Misc/NEWS.d/next')
-rw-r--r--Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst4
-rw-r--r--Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst1
-rw-r--r--Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst6
-rw-r--r--Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst2
-rw-r--r--Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst6
6 files changed, 0 insertions, 20 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
deleted file mode 100644
index da81a1f6993..00000000000
--- a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-The deprecated mailcap module now refuses to inject unsafe text (filenames,
-MIME types, parameters) into shell commands. Instead of using such text, it
-will warn and act as if a match was not found (or for test commands, as if
-the test failed).
diff --git a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst b/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
deleted file mode 100644
index 2d23a6ad93c..00000000000
--- a/Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst
+++ /dev/null
@@ -1 +0,0 @@
-Port XKCP's fix for the buffer overflows in SHA-3 (CVE-2022-37454).
diff --git a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst b/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst
deleted file mode 100644
index b63a54b3676..00000000000
--- a/Misc/NEWS.d/next/Security/2022-10-26-21-04-23.gh-issue-98739.keBWcY.rst
+++ /dev/null
@@ -1 +0,0 @@
-Update bundled libexpat to 2.5.0
diff --git a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
deleted file mode 100644
index 5185fac2e29..00000000000
--- a/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`
-related name resolution functions no longer involves a quadratic algorithm.
-This prevents a potential CPU denial of service if an out-of-spec excessive
-length hostname involving bidirectional characters were decoded. Some protocols
-such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
-to supply such a name.
diff --git a/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst b/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst
deleted file mode 100644
index c931409b817..00000000000
--- a/Misc/NEWS.d/next/Security/2022-11-11-12-50-28.gh-issue-87604.OtwH5L.rst
+++ /dev/null
@@ -1,2 +0,0 @@
-Avoid publishing list of active per-interpreter audit hooks via the
-:mod:`gc` module
diff --git a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst b/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst
deleted file mode 100644
index a396e95cd83..00000000000
--- a/Misc/NEWS.d/next/Security/2022-12-05-01-39-10.gh-issue-100001.uD05Fc.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-``python -m http.server`` no longer allows terminal control characters sent
-within a garbage request to be printed to the stderr server log.
-
-This is done by changing the :mod:`http.server` :class:`BaseHTTPRequestHandler`
-``.log_message`` method to replace control characters with a ``\xHH`` hex escape
-before printing.