[3.6] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6In… #21232
Conversation
|
Sorry, we only accept the security patch for 3.5-3.7. I close this PR cc @ericvsmith |
|
@corona10 this is assigned a CVE-2020-14422 Pls refer: https://nvd.nist.gov/vuln/detail?vulnId=CVE-2020-14422 Let me know if i am wrong. |
|
@tapakund |
There was a problem hiding this comment.
Since this issue is reported as the CVE-2020-14422.
I am okay to merge this PR as the security issue.
But waiting @ned-deily and @ericvsmith 's comment :)
|
As I commented on the bpo issue, please add the CVE to the NEWS item. |
…terface (pythonGH-21033) The __hash__() methods of classes IPv4Interface and IPv6Interface had issue of generating constant hash values of 32 and 128 respectively causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of XOR operation (cherry picked from commit b30ee26) Co-authored-by: Ravi Teja P <rvteja92@gmail.com> Signed-off-by: Tapas Kundu <tkundu@vmware.com>
|
Can we get the new build of Python 3.6 which has this fix available publically? |
|
@ned-deily ^^^ |
|
@sshuklao Just to be clear, we do not provide builds, as in binary builds, for Python versions, like 3.6, that are in the |
…terface (GH-21033)
The hash() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation
(cherry picked from commit b30ee26)
Co-authored-by: Ravi Teja P rvteja92@gmail.com
Signed-off-by: Tapas Kundu tkundu@vmware.com
https://bugs.python.org/issue41004