Message 155198 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	dmalcolm
Recipients	dmalcolm
Date	2012年03月09日.00:56:27
SpamBayes Score	0.017733095
Marked as misclassified	No
Message-id	<1331254591.33.0.490720998909.issue14234@psf.upfronthosting.co.za>

Content
Expat 2.1.0 Beta was recently announced: http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html which contains (among other things) a fix for a hash-collision denial-of-service attack (CVE-2012-0876) I'm attaching a patch which minimally backports the hash-collision fix part of expat 2.1.0 to the embedded copy of expat in the CPython source tree, and which adds a call to XML_SetHashSalt() to pyexpat when creating parsers. It reuses part of the hash secret from Py_HashSecret.

Content

Expat 2.1.0 Beta was recently announced:
 http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
which contains (among other things) a fix for a hash-collision denial-of-service attack (CVE-2012-0876)
I'm attaching a patch which minimally backports the hash-collision fix part of expat 2.1.0 to the embedded copy of expat in the CPython source tree, and which adds a call to XML_SetHashSalt() to pyexpat when creating parsers. It reuses part of the hash secret from Py_HashSecret.

History
Date	User	Action	Args
2012年03月09日 00:56:34	dmalcolm	set	recipients: + dmalcolm
2012年03月09日 00:56:31	dmalcolm	set	messageid: <1331254591.33.0.490720998909.issue14234@psf.upfronthosting.co.za>
2012年03月09日 00:56:30	dmalcolm	link	issue14234 messages
2012年03月09日 00:56:30	dmalcolm	create

homepage