blob: 5045c529732a152b080b949a2300bb499ce1388b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
$NetBSD: patch-CVE-2012-1150-Misc_NEWS,v 1.1 2012/03/25 09:09:05 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/6b7704fe1be1
--- Misc/NEWS.orig 2011-06-03 22:55:45.000000000 +0100
+++ Misc/NEWS 2012-03-25 09:51:50.000000000 +0100
@@ -901,6 +901,11 @@
Core and Builtins
-----------------
+- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
+ environment variable, to provide an opt-in way to protect against denial of
+ service attacks due to hash collisions within the dict and set types. Patch
+ by David Malcolm, based on work by Victor Stinner.
+
Library
-------
|