From martin at v.loewis.de Thu Aug 16 14:16:23 2012 From: martin at v.loewis.de (martin at v.loewis.de) Date: Thu, 16 Aug 2012 14:16:23 +0200 Subject: [xml-sig] Trouble installing PyXML In-Reply-To: References: Message-ID: <20120816141623.Horde.0Jdkfdjz9kRQLOSXKmci3xA@webmail.df.eu> > Any ideas? PyXML is no longer maintained. It's no surprise that it doesn't work. Regards, Martin From martin at v.loewis.de Thu Aug 16 14:15:37 2012 From: martin at v.loewis.de (martin at v.loewis.de) Date: Thu, 16 Aug 2012 14:15:37 +0200 Subject: [xml-sig] Hash DoS in PyXML In-Reply-To: <4F4426A2.9070108@redhat.com> References: <4F4426A2.9070108@redhat.com> Message-ID: <20120816141537.Horde.d4IKBdjz9kRQLORp3uNy3BA@webmail.df.eu> > I'm writing to you about the Hash DoS vulnerability > (http://www.ocert.org/advisories/ocert-2011-003.html). It appears that > PyXML is affected by this issue however I'm not sure yet if the Python > hash DoS fixes correct it (PyXML appears to also have an embedded copy > of expat). I was wondering if you were aware of this issue and if it's > being looked into. Thanks in advance. I am aware of the issue, and it's *not* being looked into, and it will *not* be fixed. PyXML is no longer maintained (and hasn't been for nearly a decade). Regards, Martin