Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project.
author: Gregory P. Smith <greg@krypto.org> 2012-03-14 22:28:10 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2012-03-14 22:28:10 (GMT)
commit: d0e1a5b24196208c38d57d4512a6181a0f5dddf7 (patch)
tree: 5eb5ee00fbacd3606cdaec6cabe2eb23b39d05e9 /Misc/NEWS
parent: 0e4944911813528c77073c262771eae1e8033f2f (diff)
download: cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.zip
cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.tar.gz
cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.tar.bz2
1 files changed, 15 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 1e35133..3180a61 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -1,6 +1,21 @@
 Python News
 +++++++++++
 
+
+What's New in Python 2.7.3 release candidate 2?
+===============================================
+
+*Release date: 2012-03-XX*
+
+Library
+-------
+
+- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
+  table internal to the pyexpat module's copy of the expat library to avoid a
+  denial of service due to hash collisions.  Patch by David Malcolm with some
+  modifications by the expat project.
+
+
 What's New in Python 2.7.3 release candidate 1?
 ===============================================
author	Gregory P. Smith <greg@krypto.org>	2012-03-14 22:28:10 (GMT)
committer	Gregory P. Smith <greg@krypto.org>	2012-03-14 22:28:10 (GMT)
commit	d0e1a5b24196208c38d57d4512a6181a0f5dddf7 (patch)
tree	5eb5ee00fbacd3606cdaec6cabe2eb23b39d05e9 /Misc/NEWS
parent	0e4944911813528c77073c262771eae1e8033f2f (diff)
download	cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.zip cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.tar.gz cpython-d0e1a5b24196208c38d57d4512a6181a0f5dddf7.tar.bz2