Message155198
Expat 2.1.0 Beta was recently announced:
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
which contains (among other things) a fix for a hash-collision denial-of-service attack (CVE-2012-0876)
I'm attaching a patch which minimally backports the hash-collision fix part of expat 2.1.0 to the embedded copy of expat in the CPython source tree, and which adds a call to XML_SetHashSalt() to pyexpat when creating parsers. It reuses part of the hash secret from Py_HashSecret. |
|
Date |
User |
Action |
Args |
2012-03-09 00:56:34 | dmalcolm | set | recipients:
+ dmalcolm |
2012-03-09 00:56:31 | dmalcolm | set | messageid: <1331254591.33.0.490720998909.issue14234@psf.upfronthosting.co.za> |
2012-03-09 00:56:30 | dmalcolm | link | issue14234 messages |
2012-03-09 00:56:30 | dmalcolm | create | |
|