> CVE-2012-6702 (issue 519)
> Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
Extract of Modules/pyexpat.c:
---
#if ((XML_MAJOR_VERSION >= 2) && (XML_MINOR_VERSION >= 1)) || defined(XML_HAS_SET_HASH_SALT)
/* This feature was added upstream in libexpat 2.1.0. Our expat copy
* has a backport of this feature where we also define XML_HAS_SET_HASH_SALT
* to indicate that we can still use it. */
XML_SetHashSalt(self->itself,
(unsigned long)_Py_HashSecret.prefix);
#endif
---
Python 2.7, 3.5, 3.6 and 3.7 have this call at least (I didn't check other versions).