Message 324954 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes
Date	2018-09-10.22:47:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<[email protected]>
In-reply-to

Content
The pyexpat module calls XML_SetHashSalt(self->itself, (unsigned long)_Py_HashSecret.expat.hashsalt) to initialize the salt for hash randomization of the XML_Parser struct. The _elementree C accelerator doesn't call XML_SetHashSalt(). It's not a security issue with recent versions of libexpat. The library initializes the salt from a good entry source by default.

The pyexpat module calls XML_SetHashSalt(self->itself,                   (unsigned long)_Py_HashSecret.expat.hashsalt) to initialize the salt for hash randomization of the XML_Parser struct. The _elementree C accelerator doesn't call XML_SetHashSalt().

It's not a security issue with recent versions of libexpat. The library initializes the salt from a good entry source by default.

History
Date	User	Action	Args
2018-09-10 22:47:44	christian.heimes	set	recipients: + christian.heimes
2018-09-10 22:47:44	christian.heimes	set	messageid: <[email protected]>
2018-09-10 22:47:44	christian.heimes	link	issue34623 messages
2018-09-10 22:47:44	christian.heimes	create