[3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) (#98526)
author: Theo Buehler <botovq@users.noreply.github.com>
        Fri, 28 Oct 2022 10:08:06 +0000 (03:08 -0700)
committer: Arnaud Rebillout <arnaudr@debian.org>
        Tue, 14 Apr 2026 04:38:32 +0000 (11:38 +0700)
commit: 6a22a784f7d27efc6c09fcf5d5863230f2c98819
tree: e7feaf61c2ab3515ebc9221aa64b0ab4961fbb63
parent: 3b8eeeff8f604a2921fe67ec73ae72b59c824509
[3.9] gh-98517: Fix buffer overflows in _sha3 module (GH-98519) (#98526)

This is a port of the applicable part of XKCP's fix [1] for
CVE-2022-37454 and avoids the segmentation fault and the infinite
loop in the test cases published in [2].

[1]: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a
[2]: https://mouha.be/sha-3-buffer-overflow/

Regression test added by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit 0e4e058602d93b88256ff90bbef501ba20be9dd3)

Co-authored-by: Theo Buehler <botovq@users.noreply.github.com>
Origin: upstream, https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8

Gbp-Pq: Name CVE-2022-37454.patch
Lib/test/test_hashlib.py
Misc/NEWS.d/next/Security/2022-10-21-13-31-47.gh-issue-98517.SXXGfV.rst [new file with mode: 0644]
Modules/_sha3/kcp/KeccakSponge.inc