https://github.com/python/cpython/commit/5c3d8b2efda1b99abe09ad925f366c5695bd66fb commit: 5c3d8b2efda1b99abe09ad925f366c5695bd66fb branch: 3.7 author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com> committer: GitHub <noreply at github.com> date: 2018年09月21日T21:57:46-07:00 summary: [3.7] bpo-34623: Mention CVE-2018-14647 in news entry (GH-9482) (GH-9488) https://bugs.python.org/issue34623 (cherry picked from commit 026337a7101369297c8083047d2f3c6fc9dd1e2b) Co-authored-by: Christian Heimes <christian at python.org> https://bugs.python.org/issue34623 files: M Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst index 31ad92ef8582..cbaa4b750644 100644 --- a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst +++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst @@ -1,2 +1,2 @@ -The C accelerated _elementtree module now initializes hash randomization -salt from _Py_HashSecret instead of libexpat's default CSPRNG. +CVE-2018-14647: The C accelerated _elementtree module now initializes hash +randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.