On Apr 27, 2012, at 07:02 PM, Scott Kitterman wrote:
>OK. I added a task on ubuntu-release-notes. Would you please draft
>something up?
Python 2.7.3 includes a fix for a security vulnerability affecting Python's
dict and set implementations. Carefully crafted, untrusted input could lead
to extremely long computation times and denials of service. Although disabled
by default, vulnerable applications such as CGI scripts can explicitly enable
"hash randomization" to prevent this exploit. Due to implementation details
of this fix, virtualenvs created with older 2.7.x releases may not work with
2.7.3. Specifically, the os module may not appear to have a urandom function.
This problem can be solved by recreating the broken virtualenvs with the newer
Python 2.7.3 version.
See http://bugs.python.org/issue13703 for full details.
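
A check for the two conditions the note above describes, as an added example that is not part of the original message: whether a given interpreter (for instance a virtualenv's `bin/python`) still exposes `os.urandom`, and whether hash randomization is active in it. It assumes the `PYTHONHASHSEED` environment variable and the `sys.flags.hash_randomization` flag, which are not named in the message; `check_interpreter` and `diagnose` are illustrative names.

```python
import os
import subprocess
import sys

# Probe run inside the interpreter under test. It sticks to syntax that is
# valid on both Python 2.7 and Python 3. getattr() covers interpreters that
# predate the fix and have no hash_randomization flag at all.
PROBE = (
    "import os, sys; "
    "print(int(hasattr(os, 'urandom'))); "
    "print(int(getattr(sys.flags, 'hash_randomization', 0)))"
)


def check_interpreter(python, hashseed=None):
    """Return (has_urandom, randomized) for the interpreter at `python`.

    `hashseed`, when given, is exported as PYTHONHASHSEED to the child
    process only; any value inherited from the caller is dropped first so
    the result reflects the requested setting.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)
    if hashseed is not None:
        env["PYTHONHASHSEED"] = str(hashseed)
    out = subprocess.check_output([python, "-c", PROBE], env=env)
    has_urandom, randomized = out.decode().split()
    return has_urandom == "1", randomized == "1"


def diagnose(python, hashseed=None):
    """Turn the probe result into a one-line finding for an audit report."""
    has_urandom, randomized = check_interpreter(python, hashseed)
    if not has_urandom:
        return "broken: os.urandom missing, recreate this virtualenv"
    if not randomized:
        return "ok, but hash randomization is off"
    return "ok, hash randomization is on"


if __name__ == "__main__":
    # Check the interpreters named on the command line, or the current one.
    for path in sys.argv[1:] or [sys.executable]:
        print("%s: %s" % (path, diagnose(path)))
```
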