From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-April/014505.html | 102 ++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-April/014505.html (limited to 'zarb-ml/mageia-dev/2012-April/014505.html') diff --git a/zarb-ml/mageia-dev/2012-April/014505.html b/zarb-ml/mageia-dev/2012-April/014505.html new file mode 100644 index 000000000..b2788aedb --- /dev/null +++ b/zarb-ml/mageia-dev/2012-April/014505.html @@ -0,0 +1,102 @@ + + + + [Mageia-dev] Freeze push: python and python3 + + + + + + + + + +

[Mageia-dev] Freeze push: python and python3

+ Antoine Pitrou + solipsis at pitrou.net +
+ Thu Apr 19 14:52:44 CEST 2012 +

+
+ +
On Thu, 19 Apr 2012 09:13:12 +0800
+Funda Wang <fundawang at gmail.com> wrote:
+> Hello,
+> 
+> Could somebody push python-2.7.3 and python3-3.2.3 into cauldron? They
+> fixed CVE-2012-0876,  oCERT-2011-003, CVE-2012-0845,  CVE-2011-3389,
+> and a lot of other minor bugs.
+
+Note that oCERT-2011-003 is not plugged by default, because of
+backwards compatibility issues (**). You need to use either the new "-R"
+command-line option, or to set the PYTHONHASHSEED environment variable
+to "random" (*). Perhaps that could be done for select Python
+applications, especially Web applications (where malicious data can be
+sent by anyone on the Internet).
+
+
+(*) http://docs.python.org/using/cmdline.html#cmdoption-R
+
+(**) “Changing hash values affects the order in which keys are
+retrieved from a dict. Although Python has never made guarantees about
+this ordering (and it typically varies between 32-bit and 64-bit
+builds), enough real-world code implicitly relies on this
+non-guaranteed behavior that the randomization is disabled by default.”
+
+
+Regards
+
+Antoine.
+
+
+
+ + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1
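Review bot: the added page 014505.html carries personal addresses in only lightly obscured form, "solipsis at pitrou.net" in the author header and "fundawang at gmail.com" in the quoted attribution line. Once committed they are part of the repository history, which is much harder to redact than a page on a web server. Please confirm that publishing the archive through git is intended, or mask the addresses before import. The commit message is also only the subject line "Add zarb MLs html archives". A short body saying where the archive files were taken from and how they were produced would let a later reader check this generated HTML against its source.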