Closes issue 11133. Fixes two cases where inspect.getattr_static could trigger code execution

author: Michael Foord <michael@python.org> 2011-03-15 19:20:44 -0400
committer: Michael Foord <michael@python.org> 2011-03-15 19:20:44 -0400
commit: 7a1f122fcdb1507abd143a70a798366a305d7345 (patch)
tree: 39de579645b1ebfd421bf32020c283dac2b5c60f /Misc
parent: 2abc88ced374f676a57bb49e32c28c31c6bfa512 (diff)
download: cpython-7a1f122fcdb1507abd143a70a798366a305d7345.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 42330ff40d..78442fac2f 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -40,6 +40,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #11133: fix two cases where inspect.getattr_static can trigger code
+  execution. Patch by Daniel Urban.
+
 - Issue #11501: disutils.archive_utils.make_zipfile no longer fails if zlib is
   not installed. Instead, the zipfile.ZIP_STORED compression is used to create
   the ZipFile. Patch by Natalia B. Bidart.
@@ -48,7 +51,7 @@ Library
   encoding was not done if euc-jp or shift-jis was specified as the charset.
 
 - Issue #11500: Fixed a bug in the os x proxy bypass code for fully qualified
-  IP addresses in the proxy exception list. 
+  IP addresses in the proxy exception list.
 
 - Issue #11491: dbm.error is no longer raised when dbm.open is called with
   the "n" as the flag argument and the file exists. The behavior matches
author	Michael Foord <michael@python.org>	2011-03-15 19:20:44 -0400
committer	Michael Foord <michael@python.org>	2011-03-15 19:20:44 -0400
commit	7a1f122fcdb1507abd143a70a798366a305d7345 (patch)
tree	39de579645b1ebfd421bf32020c283dac2b5c60f /Misc
parent	2abc88ced374f676a57bb49e32c28c31c6bfa512 (diff)
download	cpython-7a1f122fcdb1507abd143a70a798366a305d7345.tar.gz