@@ -183,7 +183,7 @@ Library
183183 when exiting, let the new chained one through. This avoids the PEP 479
184184 bug described in issue25782.
185185
186- - Issue #27278: Fix os.urandom() implementation using getrandom() on Linux.
186+ - [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on Linux.
187187 Truncate size to INT_MAX and loop until we collected enough random bytes,
188188 instead of casting a directly Py_ssize_t to int.
189189
@@ -196,7 +196,7 @@ Library
196196- Issue #8637: Honor a pager set by the env var MANPAGER (in preference to
197197 one set by the env var PAGER).
198198
199- - Issue #22636: Avoid shell injection problems with
199+ - [Security] Issue #22636: Avoid shell injection problems with
200200 ctypes.util.find_library().
201201
202202- Issue #16182: Fix various functions in the "readline" module to use the
@@ -348,9 +348,9 @@ Library
348348- Issue #20508: Improve exception message of IPv{4,6}Network.__getitem__.
349349 Patch by Gareth Rees.
350350
351- - Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283.
351+ - [Security] Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283.
352352
353- - Fix TLS stripping vulnerability in smtplib, CVE-2016-0772. Reported by Team
353+ - [Security] Fix TLS stripping vulnerability in smtplib, CVE-2016-0772. Reported by Team
354354 Oststrom
355355
356356- Issue #21386: Implement missing IPv4Address.is_global property. It was
@@ -393,7 +393,7 @@ Library
393393- Issue #21313: Fix the "platform" module to tolerate when sys.version
394394 contains truncated build information.
395395
396- - Issue #26839: On Linux, :func:`os.urandom` now calls ``getrandom()`` with
396+ - [Security] Issue #26839: On Linux, :func:`os.urandom` now calls ``getrandom()`` with
397397 ``GRND_NONBLOCK`` to fall back on reading ``/dev/urandom`` if the urandom
398398 entropy pool is not initialized yet. Patch written by Colm Buckley.
399399
@@ -988,7 +988,7 @@ Library
988988- Issue #24838: tarfile's ustar and gnu formats now correctly calculate name
989989 and link field limits for multibyte character encodings like utf-8.
990990
991- - Issue #26657: Fix directory traversal vulnerability with http.server on
991+ - [Security] Issue #26657: Fix directory traversal vulnerability with http.server on
992992 Windows. This fixes a regression that was introduced in 3.3.4rc1 and
993993 3.4.0rc1. Based on patch by Philipp Hagemeister.
994994
@@ -1094,7 +1094,7 @@ Library
10941094 :class:`warnings.WarningMessage`. Add warnings._showwarnmsg() which uses
10951095 tracemalloc to get the traceback where source object was allocated.
10961096
1097- - Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store
1097+ - [Security] Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store
10981098 is empty. Patch by Baji.
10991099
11001100- Issue #26569: Fix :func:`pyclbr.readmodule` and :func:`pyclbr.readmodule_ex`
@@ -1177,7 +1177,7 @@ Library
11771177 trigger the handle_error() method, and will now to stop a single-threaded
11781178 server.
11791179
1180- - Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
1180+ - [Security] Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
11811181
11821182- Issue #25995: os.walk() no longer uses FDs proportional to the tree depth.
11831183
0 commit comments