Message288016
> CVE-2012-6702 (issue 519)
> Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
Extract of Modules/pyexpat.c:
---
#if ((XML_MAJOR_VERSION >= 2) && (XML_MINOR_VERSION >= 1)) || defined(XML_HAS_SET_HASH_SALT)
/* This feature was added upstream in libexpat 2.1.0. Our expat copy
* has a backport of this feature where we also define XML_HAS_SET_HASH_SALT
* to indicate that we can still use it. */
XML_SetHashSalt(self->itself,
(unsigned long)_Py_HashSecret.prefix);
#endif
---
Python 2.7, 3.5, 3.6 and 3.7 have this call at least (I didn't check other versions). |
|
Date |
User |
Action |
Args |
2017-02-17 15:41:46 | vstinner | set | recipients:
+ vstinner, christian.heimes, Natanael Copa |
2017-02-17 15:41:46 | vstinner | set | messageid: <1487346106.89.0.306262096079.issue29591@psf.upfronthosting.co.za> |
2017-02-17 15:41:46 | vstinner | link | issue29591 messages |
2017-02-17 15:41:46 | vstinner | create | |
|