Author vstinner
Recipients Natanael Copa, christian.heimes, vstinner
Date 2017-02-17.15:41:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1487346106.89.0.306262096079.issue29591@psf.upfronthosting.co.za>
In-reply-to
Content
> CVE-2012-6702 (issue 519)
> Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702

Extract of Modules/pyexpat.c:
---
#if ((XML_MAJOR_VERSION >= 2) && (XML_MINOR_VERSION >= 1)) || defined(XML_HAS_SET_HASH_SALT)
    /* This feature was added upstream in libexpat 2.1.0.  Our expat copy
     * has a backport of this feature where we also define XML_HAS_SET_HASH_SALT
     * to indicate that we can still use it. */
    XML_SetHashSalt(self->itself,
                    (unsigned long)_Py_HashSecret.prefix);
#endif
---

Python 2.7, 3.5, 3.6 and 3.7 have this call at least (I didn't check other versions).
History
Date User Action Args
2017-02-17 15:41:46vstinnersetrecipients: + vstinner, christian.heimes, Natanael Copa
2017-02-17 15:41:46vstinnersetmessageid: <1487346106.89.0.306262096079.issue29591@psf.upfronthosting.co.za>
2017-02-17 15:41:46vstinnerlinkissue29591 messages
2017-02-17 15:41:46vstinnercreate