$NetBSD: patch-Misc_NEWS,v 1.4.2.1 2014/11/03 14:12:52 tron Exp $

Note added fixes.

--- Misc/NEWS.orig	2014-06-30 02:05:39.000000000 +0000
+++ Misc/NEWS
@@ -10,6 +10,11 @@ What's New in Python 2.7.8?
 Core and Builtins
 -----------------
 
+- Issue #22518: Fix integer overflow issues in latin-1 encoding.
+
+- Issue #22470: Fixed integer overflow issues in "backslashreplace" and
+   "xmlcharrefreplace" error handlers.
+
 - Issue #4346: In PyObject_CallMethod and PyObject_CallMethodObjArgs, don't
   overwrite the error set in PyObject_GetAttr.
 
@@ -207,6 +212,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+  before checking for a CGI script at that path.
+
 - Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial
   shape.
 
@@ -729,6 +737,13 @@ Library
   prevent readline() calls from consuming too much memory.  Patch by Jyrki
   Pulliainen.
 
+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
+  prevent readline() calls from consuming too much memory.  Patch by Jyrki
+  Pulliainen.
+
+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
+  limiting the call to readline().  Original patch by Christian Heimes.
+
 - Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except
   when necessary.  Patch by Oscar Benjamin.
 
