<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Freeze push: python and python3
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20push%3A%20python%20and%20python3&In-Reply-To=%3C20120419145244.3714e650%40pitrou.net%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="014494.html">
   <LINK REL="Next"  HREF="014607.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Freeze push: python and python3</H1>
    <B>Antoine Pitrou</B>
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Freeze%20push%3A%20python%20and%20python3&In-Reply-To=%3C20120419145244.3714e650%40pitrou.net%3E"
       TITLE="[Mageia-dev] Freeze push: python and python3">solipsis at pitrou.net
       </A><BR>
    <I>Thu Apr 19 14:52:44 CEST 2012</I>
    <P><UL>
        <LI>Previous message: <A HREF="014494.html">[Mageia-dev] Freeze push: python and python3
</A></li>
        <LI>Next message: <A HREF="014607.html">[Mageia-dev] Freeze push: python and python3
</A></li>
         <LI> <B>Messages sorted by:</B>
              <a href="date.html#14505">[ date ]</a>
              <a href="thread.html#14505">[ thread ]</a>
              <a href="subject.html#14505">[ subject ]</a>
              <a href="author.html#14505">[ author ]</a>
         </LI>
       </UL>
    <HR>
<!--beginarticle-->
<PRE>On Thu, 19 Apr 2012 09:13:12 +0800
Funda Wang &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">fundawang at gmail.com</A>&gt; wrote:

><i> Hello,
</I>><i>
</I>><i> Could somebody push python-2.7.3 and python3-3.2.3 into cauldron? They
</I>><i> fixed CVE-2012-0876, oCERT-2011-003, CVE-2012-0845, CVE-2011-3389,
</I>><i> and a lot of other minor bugs.
</I>
Note that oCERT-2011-003 is not plugged by default, because of
backwards compatibility issues (**). You need to use either the new
"-R" command-line option, or to set the PYTHONHASHSEED environment
variable to "random" (*).

Perhaps that could be done for select Python applications, especially
Web applications (where malicious data can be sent by anyone on the
Internet).

(*) <A HREF="http://docs.python.org/using/cmdline.html#cmdoption-R">http://docs.python.org/using/cmdline.html#cmdoption-R</A>

(**) &#8220;Changing hash values affects the order in which keys are
retrieved from a dict. Although Python has never made guarantees about
this ordering (and it typically varies between 32-bit and 64-bit
builds), enough real-world code implicitly relies on this
non-guaranteed behavior that the randomization is disabled by
default.&#8221;

Regards

Antoine.
</PRE>
<!--endarticle-->
    <HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
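An added example, not part of the message above or of the Python documentation: it launches fresh interpreters with PYTHONHASHSEED set to "0" and to "random" and compares sys.flags.hash_randomization and the hash of one string across launches, then shows a startup guard a network-facing application could call. The function names and the sample key are hypothetical; on current Python 3, where randomization is already on by default, the seed "0" stands in for the unrandomized default the message describes for 2.7.3 and 3.2.3.

```python
import os
import subprocess
import sys

# Runs in a fresh interpreter: print the randomization flag and one string hash.
# The key 'mageia' is a constructed sample value.
CHILD = "import sys; print(sys.flags.hash_randomization, hash('mageia'))"


def probe(seed):
    """Start a new interpreter with PYTHONHASHSEED=seed; return (flag, hash)."""
    env = dict(os.environ, PYTHONHASHSEED=seed)
    out = subprocess.check_output([sys.executable, "-c", CHILD], env=env)
    flag, value = out.decode().split()
    return int(flag), int(value)


def survey(runs=4):
    """Compare several launches with seed "0" against several with "random"."""
    fixed = [probe("0") for _ in range(runs)]      # randomization disabled
    rand = [probe("random") for _ in range(runs)]  # setting named in the message
    return {
        "fixed_flag": fixed[0][0],
        "fixed_distinct": len({h for _, h in fixed}),
        "random_flag": rand[0][0],
        "random_distinct": len({h for _, h in rand}),
    }


def require_randomization(flag=None):
    """Startup guard: refuse to run when string hashes are predictable."""
    if flag is None:
        flag = sys.flags.hash_randomization
    if not flag:
        raise RuntimeError("start with -R or PYTHONHASHSEED=random")
    return True


if __name__ == "__main__":
    for key, value in sorted(survey().items()):
        print(key, value)
```

With the seed fixed, every launch yields the same hash for the same key, which is the predictability oCERT-2011-003 depends on; with "random" each launch yields a different one.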