Author dmalcolm
Recipients dmalcolm
Date 2012-03-09.00:56:27
Message-id <1331254591.33.0.490720998909.issue14234@psf.upfronthosting.co.za>
Content
Expat 2.1.0 Beta was recently announced:
  http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
which contains (among other things) a fix for a hash-collision denial-of-service attack (CVE-2012-0876).

I'm attaching a patch which minimally backports the hash-collision fix part of expat 2.1.0 to the embedded copy of expat in the CPython source tree, and which adds a call to XML_SetHashSalt() to pyexpat when creating parsers.  It reuses part of the hash secret from Py_HashSecret.
History
Date User Action Args
2012-03-09 00:56:34 dmalcolm set recipients: + dmalcolm
2012-03-09 00:56:31 dmalcolm set messageid: <1331254591.33.0.490720998909.issue14234@psf.upfronthosting.co.za>
2012-03-09 00:56:30 dmalcolm link issue14234 messages
2012-03-09 00:56:30 dmalcolm create
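
Added example, not part of the original message or the attached patch: a simplified C model of why starting the string hash from a secret per-process salt, the value a call such as XML_SetHashSalt() supplies, stops a precomputed set of names from piling into one bucket. The hash function, the bucket count, the sample keys and DEMO_SALT are assumptions made for illustration, not expat's or CPython's code.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model (an assumption, not expat's source): a multiplicative
 * string hash whose starting value is the salt. salt == 0 stands for a
 * parser that has no salt set. */
#define CHAR_HASH(h, c) (((h) * 0xF4243UL) ^ (unsigned char)(c))
#define NBUCKETS 64UL /* power of two, so the bucket is hash & (NBUCKETS - 1) */

static unsigned long bucket_of(unsigned long salt, const char *s)
{
    unsigned long h = salt;
    while (*s)
        h = CHAR_HASH(h, *s++);
    return h & (NBUCKETS - 1);
}

/* Length of the longest chain after inserting n keys under this salt. */
static size_t worst_bucket(unsigned long salt, const char *const *keys, size_t n)
{
    size_t counts[NBUCKETS] = {0}, worst = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = ++counts[bucket_of(salt, keys[i])];
        if (c > worst)
            worst = c;
    }
    return worst;
}

/* Constructed sample names: chosen by hand so that all of them fall into
 * bucket 0 of the model when the salt is 0. */
static const char *const SAMPLE_KEYS[] = {
    "ac", "bf", "ci", "dl", "eo", "fr", "gu", "hx"
};
#define N_KEYS (sizeof SAMPLE_KEYS / sizeof SAMPLE_KEYS[0])

/* Hypothetical per-process salt; a real one must come from a secret
 * random source, which is the role Py_HashSecret plays in the patch. */
#define DEMO_SALT 0x9E3779B9UL

int main(void)
{
    printf("salt 0:    longest chain %zu of %zu keys\n",
           worst_bucket(0, SAMPLE_KEYS, N_KEYS), N_KEYS);
    printf("demo salt: longest chain %zu of %zu keys\n",
           worst_bucket(DEMO_SALT, SAMPLE_KEYS, N_KEYS), N_KEYS);
    return 0;
}
```

With the salt at 0 every sample name shares one chain, so each lookup degrades to a linear scan; under the demo salt the same names spread over several buckets because their placement now depends on a value chosen per process.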