85b968ee6c
(CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc, CVE-2012-0876 is not affect to pkgsrc, using external expat) What's New in Python 2.6.8? =========================== *Release date: 2012-04-10* No changes since 2.6.8rc2. What's New in Python 2.6.8 rc 2? ================================ *Release date: 2012-03-17* Library ------- - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. What's New in Python 2.6.8 rc 1? ================================ *Release date: 2012-02-23* Core and Builtins ----------------- - Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. Library ------- - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. |
||
|---|---|---|
| .. | ||
| patches | ||
| ALTERNATIVES | ||
| buildlink3.mk | ||
| DESCR | ||
| dist.mk | ||
| distinfo | ||
| Makefile | ||
| PLIST.common | ||
| PLIST.common_end | ||
| PLIST.Darwin | ||
| PLIST.IRIX | ||
| PLIST.Linux | ||
| PLIST.Linux3 | ||
| PLIST.SunOS | ||