.. bpo: 32551
.. date: 2018-01-16-16-05-37
.. nonce: U0z4W-
.. release date: 2018-01-23
.. section: Security

The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
by revealing an inconsistency in how sys.path is initialized when executing
``__main__`` from a zipfile, directory, or other import location. This is
considered a potential security issue, as it may lead to privileged
processes unexpectedly loading code from user controlled directories in
situations where that was not previously the case.

The interpreter now consistently avoids ever adding the import location's
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
are inadvertently modified when inserting the import location named on the
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
it was missed at the time that the then upcoming Python 3.5.4 release would
also be affected)

..

.. bpo: 30657
.. date: 2017-12-01-18-51-03
.. nonce: Fd8kId
.. section: Security

Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.

..

.. bpo: 30947
.. date: 2017-09-05-20-34-44
.. nonce: iNMmm4
.. section: Security

Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.

..

.. bpo: 31095
.. date: 2017-08-01-18-48-30
.. nonce: bXWZDb
.. section: Core and Builtins

Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
``PyObject_GC_UnTrack()``.

..

.. bpo: 32072
.. date: 2017-11-18-21-13-52
.. nonce: nwDV8L
.. section: Library

Fixed issues with binary plists:

* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.

..

.. bpo: 31170
.. date: 2017-09-05-20-35-21
.. nonce: QGmJ1t
.. section: Library

expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115