Added item about the webbrowser security fix.

author Fred Drake <fdrake@acm.org>

Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)

committer Fred Drake <fdrake@acm.org>

Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)
author Fred Drake <fdrake@acm.org>
Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)
committer Fred Drake <fdrake@acm.org>
Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)
diff --git a/Misc/NEWS b/Misc/NEWS

index 419908be6cd7455d8bb4138abe56dfd366c811f4..a7dbd2c84778fe788a2ba89a36e3cd21e22a4ebb 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,6 +15,10 @@ notable fixes:
  - SF bug #422004: Py_Initialise fix that allows reload(exceptions) to 
    work - this is apparently very important for embedded python.
  
+- SF patch #500401: webbrowser: tightened up the command passed to
+  os.system() so that arbitrary shell code can't be executed because a
+  bogus URL was passed in.
+
  - The Python compiler package was updated to correctly calculate stack
    depth in some cases. This was affecting Zope Python Scripts rather badly.
author	Fred Drake <fdrake@acm.org>
	Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)
committer	Fred Drake <fdrake@acm.org>
	Thu, 10 Jan 2002 13:56:21 +0000 (13:56 +0000)