$NetBSD: patch-Misc_NEWS,v 1.3.2.1 2014/07/05 11:13:52 tron Exp $ Note added fixes. --- Misc/NEWS.orig 2014-05-31 18:58:39.000000000 +0000 +++ Misc/NEWS @@ -63,6 +63,9 @@ Core and Builtins Library ------- +- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths + before checking for a CGI script at that path. + - Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial shape. @@ -585,6 +588,13 @@ Library prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. +- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to + prevent readline() calls from consuming too much memory. Patch by Jyrki + Pulliainen. + +- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by + limiting the call to readline(). Original patch by Christian Heimes. + - Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except when necessary. Patch by Oscar Benjamin.
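Review bot: in the first hunk (@@ -63,6 +63,9 @@), the Issue #21766 entry calls the problem "a security hole" without saying what checking the path before URL unquoting allowed, so a reader of NEWS cannot judge their exposure. Suggest adding one clause that states the consequence for CGIHTTPServer users. The header comment "Note added fixes." is also too terse: this file only touches Misc/NEWS, so it should say where the corresponding code changes live.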
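Review bot: in the second hunk (@@ -585,6 +588,13 @@), the added Issue #16041 entry ends with the same wording as the context entry directly above it ("prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen."), so please confirm the entry above covers a different module and that the poplib item is not a duplicate. The Issue #16042 entry says smtplib limits "the call to readline()" but gives no figure, while the poplib entry states 2048; state the limit there as well. Both entries are inserted at line 585 rather than beside the Issue #21766 entry at line 63, so check that they land in the section for the release this package actually ships.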