2ccd668147
(CVE-2012-0845 is already fixed in pkgsrc) What's New in Python 3.1.5? =========================== *Release date: 2012-04-08* Core and Builtins ----------------- - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. Library ------- - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. - Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by Andreas Stührk. |
||
|---|---|---|
| .. | ||
| patch-aa | ||
| patch-ab | ||
| patch-ah | ||
| patch-al | ||
| patch-am | ||
| patch-an | ||
| patch-ao | ||
| patch-au | ||
| patch-av | ||
| patch-aw | ||
| patch-pyconfig.h.in | ||