Reorder entries alphabetically, include entries suggested by Victor

Author: ambv

Doc/library/hashlib.rst

@@ -80,6 +80,8 @@ library that Python uses on your platform. On most platforms the
 .. versionadded:: 3.6
    :func:`blake2b` and :func:`blake2s` were added.
 
+.. _hashlib-usedforsecurity:
+
 .. versionchanged:: 3.9
    All hashlib constructors take a keyword-only argument *usedforsecurity*
    with default value ``True``. A false value allows the use of insecure and

Doc/library/logging.config.rst

@@ -152,6 +152,8 @@ in :mod:`logging` itself) and defining handlers which are declared either in
    send it to the socket as a sequence of bytes preceded by a four-byte length
    string packed in binary using ``struct.pack('>L', n)``.
 
+   .. _logging-eval-security:
+
    .. note::
 
       Because portions of the configuration are passed through

Doc/library/multiprocessing.rst

@@ -1187,6 +1187,7 @@ For example:
     >>> arr2
     array('i', [0, 1, 2, 3, 4, 0, 0, 0, 0, 0])
 
+.. _multiprocessing-recv-pickle-security:
 
 .. warning::
 

Doc/library/security_warnings.rst

@@ -7,8 +7,22 @@ Security Considerations
 
 The following modules have specific security considerations:
 
-* :mod:`ssl` : :ref:`SSL/TLS security considerations <ssl-security>`
-* :mod:`cgi` : :ref:`CGI security considerations <cgi-security>`
-* :mod:`pickle` : :ref:`Restricting globals in pickle <pickle-restrict>`
-* :mod:`subprocess` : :ref:`Subprocess security considerations <subprocess-security>`
-* :mod:`xml` : :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`cgi`: :ref:`CGI security considerations <cgi-security>`
+* :mod:`hashlib`: :ref:`all constructors take a "usedforsecurity" keyword-only
+  argument disabling known insecure and blocked algorithms
+  <hashlib-usedforsecurity>`
+* :mod:`http.server` is not suitable for production use, only implementing
+  basic security checks
+* :mod:`logging`: :ref:`Logging configuration uses eval()
+  <logging-eval-security>`
+* :mod:`multiprocessing`: :ref:`Connection.recv() uses pickle
+  <multiprocessing-recv-pickle-security>`
+* :mod:`pickle`: :ref:`Restricting globals in pickle <pickle-restrict>`
+* :mod:`random` shouldn't be used for security purposes, use :mod:`secrets`
+  instead
+* :mod:`ssl`: :ref:`SSL/TLS security considerations <ssl-security>`
+* :mod:`subprocess`: :ref:`Subprocess security considerations
+  <subprocess-security>`
+* :mod:`xml`: :ref:`XML vulnerabilities <xml-vulnerabilities>`
+* :mod:`zipfile`: :ref:`maliciously prepared .zip files can cause disk volume
+  exhaustion <zipfile-resources-limitations>`

Doc/library/zipfile.rst

@@ -886,6 +886,8 @@ Exceeding limitations on different file systems can cause decompression failed.
 Such as allowable characters in the directory entries, length of the file name,
 length of the pathname, size of a single file, and number of files, etc.
 
+.. _zipfile-resources-limitations:
+
 Resources limitations
 ~~~~~~~~~~~~~~~~~~~~~