.. bpo: 32551
.. date: 2018-01-16-16-05-37
.. nonce: U0z4W-
.. release date: 2018-01-23
.. section: Security

The ``sys.path[0]`` initialization change for bpo-29139 caused a regression
by revealing an inconsistency in how ``sys.path`` is initialized when executing
``__main__`` from a zipfile, directory, or other import location. This is
considered a potential security issue, as it may lead to privileged
processes unexpectedly loading code from user-controlled directories in
situations where that was not previously the case.
The interpreter now consistently avoids ever adding the import location's
parent directory to ``sys.path``, and ensures no other ``sys.path`` entries
are inadvertently modified when inserting the import location named on the
command line. (Originally reported as bpo-29723 against Python 3.6rc1, but
it was missed at the time that the then-upcoming Python 3.5.4 release would
also be affected.)
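
A way to check an installed interpreter for the behaviour described in this entry, as an added example that is not part of the original changelog or of CPython's own test suite: it runs a constructed ``__main__.py`` from a directory and from a zipfile, then reports whether the import location's parent directory ended up on ``sys.path``. The helper names and the temporary ``app`` / ``app.zip`` targets are assumptions made for this example.

```python
import json
import os
import subprocess
import sys
import tempfile
import zipfile

# Constructed __main__ module: reports the sys.path the child interpreter built.
MAIN_SRC = "import json, sys\nprint(json.dumps(sys.path))\n"


def child_sys_path(target, cwd):
    """Run `python <target>` in a fresh interpreter and return its sys.path."""
    proc = subprocess.run([sys.executable, target], cwd=cwd, check=True,
                          stdout=subprocess.PIPE, universal_newlines=True)
    return json.loads(proc.stdout)


def audit_import_location(kind):
    """Execute __main__ from a directory ("dir") or zipfile ("zip"); inspect sys.path."""
    with tempfile.TemporaryDirectory() as parent, \
            tempfile.TemporaryDirectory() as cwd:
        parent = os.path.realpath(parent)
        if kind == "dir":
            target = os.path.join(parent, "app")
            os.mkdir(target)
            with open(os.path.join(target, "__main__.py"), "w") as fh:
                fh.write(MAIN_SRC)
        else:
            target = os.path.join(parent, "app.zip")
            with zipfile.ZipFile(target, "w") as zf:
                zf.writestr("__main__.py", MAIN_SRC)
        # cwd is an unrelated directory, so any hit on `parent` comes from
        # sys.path initialization and not from the working directory.
        entries = [os.path.realpath(p) for p in child_sys_path(target, cwd) if p]
        return {
            "import_location_first": entries[0] == target,
            "parent_on_sys_path": parent in entries,
        }


if __name__ == "__main__":
    for kind in ("dir", "zip"):
        print(kind, audit_import_location(kind))
```

A result with ``parent_on_sys_path`` set to ``True`` means modules placed next to the import location would be importable by the process, which is the condition this entry describes.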

..

.. bpo: 30657
.. date: 2017-12-01-18-51-03
.. nonce: Fd8kId
.. section: Security

Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.

..

.. bpo: 30947
.. date: 2017-09-05-20-34-44
.. nonce: iNMmm4
.. section: Security

Upgrade libexpat embedded copy from version 2.2.1 to 2.2.3 to get security
fixes.

..

.. bpo: 31095
.. date: 2017-08-01-18-48-30
.. nonce: bXWZDb
.. section: Core and Builtins

Fix potential crash during GC caused by ``tp_dealloc`` which doesn't call
``PyObject_GC_UnTrack()``.

..

.. bpo: 32072
.. date: 2017-11-18-21-13-52
.. nonce: nwDV8L
.. section: Library

Fixed issues with binary plists:

* Fixed saving bytearrays.
* Identical objects will be saved only once.
* Equal references will be loaded as identical objects.
* Added support for saving and loading recursive data structures.

..

.. bpo: 31170
.. date: 2017-09-05-20-35-21
.. nonce: QGmJ1t
.. section: Library

expat: Update libexpat from 2.2.3 to 2.2.4. Fix copying of partial
characters for UTF-8 input (libexpat bug 115):
https://github.com/libexpat/libexpat/issues/115
