From: Fred Drake <fdrake@acm.org>
Date: Thu, 10 Jan 2002 13:56:21 +0000 (+0000)
Subject: Added item about the webbrowser security fix.
X-Git-Tag: v2.1.2c1~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d66330a844cb18c9a7ff565944f4503623ab78ec;p=thirdparty%2FPython%2Fcpython.git

Added item about the webbrowser security fix.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 419908be6cd7..a7dbd2c84778 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,6 +15,10 @@ notable fixes:
 - SF bug #422004: Py_Initialise fix that allows reload(exceptions) to 
   work - this is apparently very important for embedded python.
 
+- SF patch #500401: webbrowser: tightened up the command passed to
+  os.system() so that arbitrary shell code can't be executed because a
+  bogus URL was passed in.
+
 - The Python compiler package was updated to correctly calculate stack
   depth in some cases. This was affecting Zope Python Scripts rather badly.