Author christian.heimes
Recipients christian.heimes
Date 2018-09-10.22:47:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1536619664.47.0.56676864532.issue34623@psf.upfronthosting.co.za>
In-reply-to
Content
The pyexpat module calls XML_SetHashSalt(self->itself,                   (unsigned long)_Py_HashSecret.expat.hashsalt) to initialize the salt for hash randomization of the XML_Parser struct. The _elementree C accelerator doesn't call XML_SetHashSalt().

It's not a security issue with recent versions of libexpat. The library initializes the salt from a good entry source by default.
History
Date User Action Args
2018-09-10 22:47:44christian.heimessetrecipients: + christian.heimes
2018-09-10 22:47:44christian.heimessetmessageid: <1536619664.47.0.56676864532.issue34623@psf.upfronthosting.co.za>
2018-09-10 22:47:44christian.heimeslinkissue34623 messages
2018-09-10 22:47:44christian.heimescreate