Content - d7e5886c197e66bf44e953e67d4f74e2949bfc9f - f65a756/Misc/NEWS.d/3.4.9rc1.rst

Staging
v0.5.1

swh:1:snp:635f4099902912592851108bcac178ff574f7c5f

Tip revision: c126fdc0bddc9f52d3bc859104741976a6fad9b5 authored by Larry Hastings on 19 July 2018, 12:12:59 UTC
Version bump for 3.4.9rc1.

Tip revision: c126fdc

3.4.9rc1.rst

.. bpo: 33001
.. date: 2018-03-05-10-09-51
.. nonce: elj4Aa
.. release date: 2018-07-19
.. section: Security

Minimal fix to prevent buffer overrun in os.symlink on Windows

..

.. bpo: 32981
.. date: 2018-03-02-10-24-52
.. nonce: O_qDyj
.. section: Security

Regexes in difflib and poplib were vulnerable to catastrophic backtracking.
These regexes formed potential DOS vectors (REDOS). They have been
refactored. This resolves CVE-2018-1060 and CVE-2018-1061. Patch by Jamie
Davis.