$NetBSD: patch-Misc_NEWS,v 1.3.2.1 2014/07/05 11:13:52 tron Exp $

Note added fixes.

--- Misc/NEWS.orig	2014-05-31 18:58:39.000000000 +0000
+++ Misc/NEWS
@@ -63,6 +63,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+  before checking for a CGI script at that path.
+
 - Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial
   shape.
 
@@ -585,6 +588,13 @@ Library
   prevent readline() calls from consuming too much memory.  Patch by Jyrki
   Pulliainen.
 
+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
+  prevent readline() calls from consuming too much memory.  Patch by Jyrki
+  Pulliainen.
+
+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
+  limiting the call to readline().  Original patch by Christian Heimes.
+
 - Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except
   when necessary.  Patch by Oscar Benjamin.
 
