Transplant from main repo d6c197edd99b: Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

commit: a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9 [log] [tgz]
author: Georg Brandl <georg@python.org> Thu Mar 15 08:31:00 2012 +0100
committer: Georg Brandl <georg@python.org> Thu Mar 15 08:31:00 2012 +0100
tree: cd8cb72b82c9cf3c5fe10f78ff838aa4202c2122
parent: 48605a65b546fe028eff0f5d4a4be3065cac7d6c [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index 3e63d86..ae00af7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -7,12 +7,20 @@
 
 *Release date: XX-XXX-2012*
 
-Core and Builtins
------------------
+
+What's New in Python 3.2.3 release candidate 2?
+===============================================
+
+*Release date: XX-Mar-2012*
 
 Library
 -------
 
+- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
+  table internal to the pyexpat module's copy of the expat library to avoid a
+  denial of service due to hash collisions.  Patch by David Malcolm with some
+  modifications by the expat project.
+
 - Issue #6884: Fix long-standing bugs with MANIFEST.in parsing in distutils
   on Windows.
commit	a5d729a7f7ad1886b34302e8c9f6034a3f3dd1d9	[log] [tgz]
author	Georg Brandl <georg@python.org>	Thu Mar 15 08:31:00 2012 +0100
committer	Georg Brandl <georg@python.org>	Thu Mar 15 08:31:00 2012 +0100
tree	cd8cb72b82c9cf3c5fe10f78ff838aa4202c2122
parent	48605a65b546fe028eff0f5d4a4be3065cac7d6c [diff] [blame]