Transplant from main repo d6c197edd99b: Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

author: Georg Brandl <georg@python.org> 2012-03-15 07:31:00 (GMT)
committer: Georg Brandl <georg@python.org> 2012-03-15 07:31:00 (GMT)
commit: a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9 (patch)
tree: cd8cb72b82c9cf3c5fe10f78ff838aa4202c2122 /Misc
parent: 48605a65b546fe028eff0f5d4a4be3065cac7d6c (diff)
download: cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.zip
cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.tar.gz
cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.tar.bz2
1 files changed, 10 insertions, 2 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 3e63d86..ae00af7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -7,12 +7,20 @@ What's New in Python 3.2.3?
 
 *Release date: XX-XXX-2012*
 
-Core and Builtins
------------------
+
+What's New in Python 3.2.3 release candidate 2?
+===============================================
+
+*Release date: XX-Mar-2012*
 
 Library
 -------
 
+- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
+  table internal to the pyexpat module's copy of the expat library to avoid a
+  denial of service due to hash collisions.  Patch by David Malcolm with some
+  modifications by the expat project.
+
 - Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils
   on Windows.
author	Georg Brandl <georg@python.org>	2012-03-15 07:31:00 (GMT)
committer	Georg Brandl <georg@python.org>	2012-03-15 07:31:00 (GMT)
commit	a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9 (patch)
tree	cd8cb72b82c9cf3c5fe10f78ff838aa4202c2122 /Misc
parent	48605a65b546fe028eff0f5d4a4be3065cac7d6c (diff)
download	cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.zip cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.tar.gz cpython-a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9.tar.bz2