[Python-checkins] cpython (merge 3.5 -> 3.6): Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of
guido.van.rossum
python-checkins at python.org
Thu Oct 13 17:33:11 EDT 2016
https://hg.python.org/cpython/rev/beed43d7dc46
changeset: 104482:beed43d7dc46
branch: 3.6
parent: 104479:d7279d803d1d
parent: 104481:e05c546062a1
user: Guido van Rossum <guido at python.org>
date: Thu Oct 13 14:32:33 2016 -0700
summary:
Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes. (3.5->3.6)
files:
Doc/library/xml.rst | 18 +++++++++---------
1 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst
--- a/Doc/library/xml.rst
+++ b/Doc/library/xml.rst
@@ -60,15 +60,15 @@
The following table gives an overview of the known attacks and whether
the various modules are vulnerable to them.
-========================= ======== ========= ========= ======== =========
-kind sax etree minidom pulldom xmlrpc
-========================= ======== ========= ========= ======== =========
-billion laughs **Yes** **Yes** **Yes** **Yes** **Yes**
-quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes**
-external entity expansion **Yes** No (1) No (2) **Yes** No (3)
-`DTD`_ retrieval **Yes** No No **Yes** No
-decompression bomb No No No No **Yes**
-========================= ======== ========= ========= ======== =========
+========================= ============== =============== ============== ============== ==============
+kind sax etree minidom pulldom xmlrpc
+========================= ============== =============== ============== ============== ==============
+billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
+quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
+external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3)
+`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe
+decompression bomb Safe Safe Safe Safe **Vulnerable**
+========================= ============== =============== ============== ============== ==============
1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a
:exc:`ParserError` when an entity occurs.
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list