STINNER Victor <vstin...@redhat.com> added the comment:
New changeset a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd by Benjamin Peterson in branch 'master': closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd It seems like this patch changes the implementation of the internal "memo" object which is a custom C type in Python 3. In Python 2 cPickle, the memo is a regular dictionary and so I'm not sure that Python 2 is affected by this vulnerability. Can someone please confirm? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34656> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
