Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
|
Sorry, we only accept the security patch for 3.5-3.7. I close this PR cc @ericvsmith |
Since this issue is reported as the CVE-2020-14422.
I am okay to merge this PR as the security issue.
But waiting for @ned-deily and @ericvsmith 's comment :)
|
The decision whether to merge to 3.5 is up to the 3.5 release manager, @larryhastings. |
|
As I noted on the bpo issue, I think the NEWS blurb should be updated to include the CVE. |
…terface (pythonGH-21033) The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation (cherry picked from commit b30ee26) Co-authored-by: Ravi Teja P <rvteja92@gmail.com> Signed-off-by: Tapas Kundu <tkundu@vmware.com>
|
@larryhastings Please help to review the backport to 3.5 of a security fix. Thanks! |
|
@larryhastings: Please replace |
|
Thanks for the backport! And, for the record, @ericvsmith is a great guy, but he is not nor has ever been a Python release manager. |
tapakund commentedJun 30, 2020
•
edited by bedevere-bot
Loading
…terface (GH-21033)
The hash() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation
(cherry picked from commit b30ee26)
Co-authored-by: Ravi Teja P rvteja92@gmail.com
Signed-off-by: Tapas Kundu tkundu@vmware.com
https://bugs.python.org/issue41004
The text was updated successfully, but these errors were encountered: