.. bpo: 32551
.. date: 2018-01-16-16-05-37
.. nonce: U0z4W-
.. release date: 2018-01-23
.. section: Security

The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
by revealing an inconsistency in how ``sys.path`` is initialized when executing
``__main__`` from a zipfile, directory, or other import location. This is
considered a potential security issue, as it may lead to privileged
processes unexpectedly loading code from user-controlled directories in
situations where that was not previously the case.

The interpreter now consistently avoids ever adding the import location's
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
are inadvertently modified when inserting the import location named on the
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
it was missed at the time that the then-upcoming Python 3.5.4 release would
also be affected.)

..

.. bpo: 30657
.. date: 2017-12-01-18-51-03
.. nonce: Fd8kId
.. section: Security

Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.

..

.. bpo: 30947
.. date: 2017-09-05-20-34-44
.. nonce: iNMmm4
.. section: Security

Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.

..

.. bpo: 31095
.. date: 2017-08-01-18-48-30
.. nonce: bXWZDb
.. section: Core and Builtins

Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
``PyObject_GC_UnTrack()``.

..

.. bpo: 32072
.. date: 2017-11-18-21-13-52
.. nonce: nwDV8L
.. section: Library

Fixed issues with binary plists:

* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.

..

.. bpo: 31170
.. date: 2017-09-05-20-35-21
.. nonce: QGmJ1t
.. section: Library

expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
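
A regression check for the bpo-32551 behaviour described in the first entry, as an added example that is not part of this changelog or of CPython's own test suite: it runs a constructed ``__main__`` from a directory and from a zipfile and reports whether the import location is ``sys.path[0]`` and whether its parent directory appears anywhere on ``sys.path``. The function names and the ``parent``/``app`` layout are assumptions made for the example.

```python
import json
import os
import subprocess
import sys
import tempfile
import zipfile

# Constructed __main__ module: prints the child interpreter's sys.path as JSON.
MAIN_SRC = "import json, sys\nprint(json.dumps(sys.path))\n"


def child_sys_path(location):
    """Run `python <location>` and return the child's sys.path (real paths)."""
    # Drop PYTHONPATH so only the interpreter's own initialization is observed.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONPATH"}
    out = subprocess.run(
        [sys.executable, location],
        env=env, check=True, capture_output=True, text=True,
    ).stdout
    return [os.path.realpath(p) for p in json.loads(out)]


def check_import_locations():
    """Return {kind: (location_is_first, parent_leaked)} for both location kinds.

    Hypothetical helper for this example, not a CPython API.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # "parent" stands in for a user-controlled directory holding the app.
        parent = os.path.realpath(os.path.join(tmp, "parent"))
        app_dir = os.path.join(parent, "app")
        os.makedirs(app_dir)
        with open(os.path.join(app_dir, "__main__.py"), "w") as f:
            f.write(MAIN_SRC)
        app_zip = os.path.join(parent, "app.zip")
        with zipfile.ZipFile(app_zip, "w") as zf:
            zf.writestr("__main__.py", MAIN_SRC)
        for kind, location in (("directory", app_dir), ("zipfile", app_zip)):
            path = child_sys_path(location)
            # Fixed behaviour: the location itself is first, its parent is absent.
            results[kind] = (path[0] == location, parent in path)
    return results


if __name__ == "__main__":
    for kind, (first, leaked) in check_import_locations().items():
        print(f"{kind}: location is sys.path[0]={first}, parent on sys.path={leaked}")
```

On an interpreter that includes the fix, both kinds report ``(True, False)``; a ``True`` in the second position means the parent directory is importable from the child process.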