Add a Misc/NEWS.d entry.

Author: gpshead

Misc/NEWS.d/next/Core and Builtins/2022-08-07-16-53.CVE-2020-10735.ch010gps.rst

@@ -0,0 +1,9 @@
+Converting between :class:`int` and :class:`str` in non binary multiple bases
+(2, 4, 8, 16, & 32) such as base 10 now limits the maximum number of string
+digits by default to avoid potential denial of service attacks. This is a
+mitigation for `CVE-2020-10735
+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_.
+
+This new limit can be configured or disabled by environment variable, command
+line flag, or :mod:`sys` APIs. See the :ref:`int maximum digits limitation
+<int_max_str_digits>` docs.