[Python-Dev] Re: [CVE-2022-37454] SHA3 vulnerability and upcoming Python patches for 3.7 - 3.10

2022-11-07 15:01:45 -0800

On 07Nov2022 12:26, Gregory P. Smith <[email protected]> wrote:
> I personally didn't feel this one was urgent enough to ask anyone to spend
> time doing an emergency security release as triggering the crash requires
> someone sending a multi-gigabyte amount of data into a sha3 hash function
> in a single .update() method call. That seems like a rare code pattern. How
> many applications ever do that vs doing I/O in smaller chunks with more
> frequent .update() calls?

As it happens I'm doing some work for a media archiving company and we're looking at recording checksums for archived files. I _may_ well be choosing to mmap a file and calling .update() on the mapping in one go.
That said, that's (a) niche and (b) not even written yet.
I think I'd still agree that this might be a nonurgent fix (haven't read the CVE properly yet).
Cheers,
Cameron Simpson <[email protected]>
_______________________________________________
Python-Dev mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at 
https://mail.python.org/archives/list/[email protected]/message/AOBBVHKUAFXSY3D6T5OK53PFB44ZWY4N/
Code of Conduct: http://python.org/psf/codeofconduct/
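
Added example, not part of either poster's message: one way to checksum an mmap'd file with SHA-3 while keeping each .update() call small, so the single multi-gigabyte call discussed in this thread never occurs. The function name, the 16 MiB chunk size and the sample file are assumptions made for illustration.

```python
import hashlib
import mmap
import os
import tempfile

CHUNK = 16 * 1024 * 1024  # assumed chunk size, far below a gigabyte


def sha3_256_mmap_chunked(path, chunk=CHUNK):
    """Hash a file via mmap, passing update() one bounded slice at a time."""
    h = hashlib.sha3_256()
    if os.path.getsize(path) == 0:
        return h.hexdigest()  # mmap cannot map a zero-length file
    with open(path, "rb") as f, \
            mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m, \
            memoryview(m) as view:
        for off in range(0, len(view), chunk):
            # Slicing a memoryview copies nothing; releasing each slice
            # lets the mapping close cleanly when the with block exits.
            with view[off:off + chunk] as part:
                h.update(part)
    return h.hexdigest()


def selfcheck(size=100_000, chunk=4096):
    """Compare chunked and one-shot digests on a small constructed file."""
    data = bytes(i % 251 for i in range(size))  # constructed sample input
    tmp = tempfile.NamedTemporaryFile(delete=False)
    try:
        tmp.write(data)
        tmp.close()
        chunked = sha3_256_mmap_chunked(tmp.name, chunk)
    finally:
        tmp.close()
        os.unlink(tmp.name)
    return chunked == hashlib.sha3_256(data).hexdigest()


if __name__ == "__main__":
    print("chunked digest matches one-shot digest:", selfcheck())
```

The digest is identical to a one-shot call because SHA-3 absorbs input incrementally; only the size of each buffer handed to the C implementation changes.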