Skip to content

[3.5] bpo-34623: Use XML_SetHashSalt in _elementtree #9933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
larryhastings merged 2 commits into from
Feb 25, 2019
Merged

[3.5] bpo-34623: Use XML_SetHashSalt in _elementtree #9933

larryhastings merged 2 commits into from
Feb 25, 2019

Conversation

@stratakis
Copy link
Contributor

@stratakis stratakis commented Oct 17, 2018
edited by bedevere-bot
Loading

miss-islington and others added 2 commits October 17, 2018 18:22
@miss-islington @tiran @stratakis
bpo-34623: Use XML_SetHashSalt in _elementtree (pythonGH-9146)
73f06a7 
The C accelerated _elementtree module now initializes hash randomization
salt from _Py_HashSecret instead of libexpat's default CPRNG.

Signed-off-by: Christian Heimes <[email protected]>

https://bugs.python.org/issue34623
(cherry picked from commit cb5778f)

Co-authored-by: Christian Heimes <[email protected]>
@miss-islington @stratakis
[3.5] bpo-34623: Mention CVE-2018-14647 in news entry (pythonGH-9482) (
eb0bcb0 
…pythonGH-9489)

https://bugs.python.org/issue34623
(cherry picked from commit 026337a)

Co-authored-by: Christian Heimes <[email protected]>

https://bugs.python.org/issue34623
@stratakis stratakis changed the title bpo-34623: Use XML_SetHashSalt in _elementtree [3.5]bpo-34623: Use XML_SetHashSalt in _elementtree Oct 17, 2018
@stratakis stratakis changed the title [3.5]bpo-34623: Use XML_SetHashSalt in _elementtree [3.5] bpo-34623: Use XML_SetHashSalt in _elementtree Oct 17, 2018
vstinner
vstinner approved these changes Oct 18, 2018
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@tiran: Would you mind to review it as well?

@serhiy-storchaka serhiy-storchaka added the type-security A security issue label Oct 18, 2018
@vstinner
Copy link
Member

vstinner commented Jan 21, 2019

@larryhastings: Hi Larry, would you mind to merge this security fix?

@larryhastings larryhastings merged commit 41b48e7 into python:3.5 Feb 25, 2019
@bedevere-bot
Copy link

bedevere-bot commented Feb 25, 2019

@larryhastings: Please replace # with GH- in the commit message next time. Thanks!

@larryhastings
Copy link
Contributor

larryhastings commented Feb 25, 2019

Thanks for the backported fix!

@stratakis stratakis deleted the xml branch June 18, 2020 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner approved these changes

@tiran tiran Awaiting requested review from tiran

Assignees

@larryhastings larryhastings

Labels

type-security A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@stratakis @vstinner @bedevere-bot @larryhastings @serhiy-storchaka @the-knights-who-say-ni @miss-islington