[issue41004] Hash collisions in IPv4Interface and IPv6Interface
Ned Deily
report at bugs.python.org
Tue Jun 30 10:41:52 EDT 2020
Ned Deily <nad at python.org> added the comment:
A legitimate CVE should certainly be backported to all applicable releases, so, yes. However, I think that it is important for the CVE to be mentioned in the NEWS blurbs for each commit. So please update the NEWS items in each open PR to include the CVE. For master and 3.9 (if you hurry), you can update the original blurb file. For 3.8, the blurb file is in the process of being merged into the blurb for the release; for it, wait until the v3.8.4rc1 has been merged back into the main cpython repo and then update the merged the blob, please. Thanks!
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41004>
_______________________________________
More information about the Python-bugs-list
mailing list