merge heads

author Senthil Kumaran <senthil@uthcode.com>

Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)

committer Senthil Kumaran <senthil@uthcode.com>

Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)
author Senthil Kumaran <senthil@uthcode.com>
Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)
committer Senthil Kumaran <senthil@uthcode.com>
Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)
diff --cc Misc/NEWS

index 0a6ddf49c05d67e70aa3cea221e064b0c8ff65ed,efe9b28874d6fec966d18f6a38d2da37f4c34f5f..ffd647113e48b7ebf87db38b532cf9bcc8c5a952
--- 1/Misc/NEWS
--- 2/Misc/NEWS
+++ b/Misc/NEWS
@@@ -34,8 -34,10 +34,12 @@@ Core and Builtin
   Library
   -------
   
+ - Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
+   HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
+   that the script is in CGI mode.
+ 
+ +- Issue #27656: Do not assume sched.h defines any SCHED_* constants.
+ +
   - Issue #27130: In the "zlib" module, fix handling of large buffers
     (typically 4 GiB) when compressing and decompressing.  Previously, inputs
     were limited to 4 GiB, and compression and decompression operations did not
author	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)
committer	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:48:19 +0000 (23:48 -0700)