STINNER Victor added the comment: > CVE-2012-6702 (issue 519) > Resolve troublesome internal call to srand that was introduced with Expat > 2.1.0 when addressing CVE-2012-0876 (issue 496)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 Extract of Modules/pyexpat.c: --- #if ((XML_MAJOR_VERSION >= 2) && (XML_MINOR_VERSION >= 1)) || defined(XML_HAS_SET_HASH_SALT) /* This feature was added upstream in libexpat 2.1.0. Our expat copy * has a backport of this feature where we also define XML_HAS_SET_HASH_SALT * to indicate that we can still use it. */ XML_SetHashSalt(self->itself, (unsigned long)_Py_HashSecret.prefix); #endif --- Python 2.7, 3.5, 3.6 and 3.7 have this call at least (I didn't check other versions). ---------- nosy: +christian.heimes, haypo _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29591> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
