diff options
| -rw-r--r-- | Misc/NEWS | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -15,14 +15,14 @@ Core and Builtins service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. +Library +------- + - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. -Library -------- - - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. |