Python -- multiple vulnerabilities
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid
a potential race condition.
bpo-41180: Add auditing events to the marshal module, and stop raising
code.__init__ events for every unmarshalled code object. Directly instantiated
code objects will continue to raise an event, and audit event handlers should
inspect or collect the raw marshal data. This reduces a significant performance
overhead when loading from .pyc files.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright