(editors: check NEWS.help for information about editing NEWS using ReST.)

What's New in Python 2.3.6rc1?

==============================

What's New in Python 2.3.6c1?

=============================

*Release date:XX-XXX-200X*

*Release date:25-OCT-2006*

-----------------

- Apply fix for potential heap overflow in PCRE code (CAN-2005-2491).

What's New in Python 2.3.5?

==============================

*Release date: 08-FEB-2005*

- Patch #1541585: fix buffer overrun when performing repr() on

a unicode string in a build with wide unicode (UCS-4) support.

This is the problem described in security advisory PSF-2006-001.

-----------------

-Partially revert thefix for#1074011; don't try to fflush stdin anymore.

-Applyfix forpotential heap overflow in PCRE code (CAN-2005-2491).

Library

-------

Also, whereas % values were decoded in all parameter continuations, they are

now only decoded in encoded parameter parts.

What's New in Python 2.3.5?

==============================

*Release date: 08-FEB-2005*

Core and builtins

-----------------

- Partially revert the fix for #1074011; don't try to fflush stdin anymore.

Library

-------

- Applied a security fix to SimpleXMLRPCserver (PSF-2005-001). This

disables recursive traversal through instance attributes, which can

be exploited in various ways.

staticconstchar*hexdigit="0123456789abcdef";

repr=PyString_FromStringAndSize(NULL,2+6*size+1);

repr=PyString_FromStringAndSize(NULL,

+1);

if (repr==NULL)

returnNULL;

elseif (ch >=0x10000) {

intoffset=p-PyString_AS_STRING(repr);

if (offset+12>PyString_GET_SIZE(repr)) {

if (_PyString_Resize(&repr,PyString_GET_SIZE(repr)+100))

returnNULL;

p=PyString_AS_STRING(repr)+offset;

}

*p++='\\';

*p++='U';

*p++=hexdigit[(ch >>28)&0x0000000F];

*p++=hexdigit[ch&0x0000000F];

continue;

}

elseif (ch >=0xD800&&ch<0xDC00) {

Py_UNICODEch2;

Py_UCS4ucs;

s--;

size++;

}

if (ch >=256) {