[Python-Dev] XML DoS vulnerabilities and exploits in Python

Benjamin Peterson benjamin at python.org
Wed Feb 20 17:25:29 CET 2013


2013/2/19 Christian Heimes <christian at python.org>:
> Hello,
>
> in August 2012 I found a DoS vulnerability in expat and XML libraries in
> Python's standard library. Since then I have found several more issues.
> I have been working on fixes ever since.
>
> The README of https://pypi.python.org/pypi/defusedxml contains detailed
> explanations of my research and all issues.
>
>
> Blog post:
> http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
>
> Hotfixes:
> https://pypi.python.org/pypi/defusedxml
> https://pypi.python.org/pypi/defusedexpat

Are these going to become patches for Python, too?


-- 
Regards,
Benjamin

