Skip to main content

Browse the archive

Staging
v0.8.1
swh:1:snp:635f4099902912592851108bcac178ff574f7c5f
Raw File
Tip revision: e5f6aba872e66bfd86eb592214696a519cded197 authored by Larry Hastings on 01 November 2019, 23:02:34 UTC
Version bump for 3.5.9 final.
Tip revision: e5f6aba
3.5.7rc1.rst 
.. bpo: 35746
.. date: 2019-01-15-18-16-05
.. nonce: nMSd0j
.. release date: 2019-03-03
.. section: Security

[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
not handle CRL distribution points with empty DP or URI correctly. A
malicious or buggy certificate can result into segfault. Vulnerability
(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.

..

.. bpo: 34791
.. date: 2018-09-24-18-49-25
.. nonce: 78GmIG
.. section: Security

The xml.sax and xml.dom.domreg no longer use environment variables to
override parser implementations when sys.flags.ignore_environment is set by
-E or -I arguments.

..

.. bpo: 34623
.. date: 2018-09-10-16-05-39
.. nonce: Ua9jMv
.. section: Security

CVE-2018-14647: The C accelerated _elementtree module now initializes hash
randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.

..

.. bpo: 33329
.. date: 2018-04-23-13-21-39
.. nonce: lQ-Eod
.. section: Library

Fix multiprocessing regression on newer glibcs

..

.. bpo: 33127
.. date: 2018-03-24-15-08-24
.. nonce: olJmHv
.. section: Library

The ssl module now compiles with LibreSSL 2.7.1.
back to top