[Python-Dev] XML DoS vulnerabilities and exploits in Python
Tres Seaver
tseaver at palladion.com
Thu Feb 21 05:35:03 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/20/2013 09:08 PM, Barry Warsaw wrote:
> On Feb 21, 2013, at 10:38 AM, Nick Coghlan wrote:
>
>> - make it possible to enable safer behaviour globally in at least
>> 2.7 and 3.3 (and perhaps in 2.6 and 3.2 security releases as well)
>
> I want to be fairly conservative with 2.6.9.
I believe that the same rationale should apply as that for adding hash
randomization in 2.6.8: this is at least as bad a vulnerability, with
many more vectors of attack.
Tres
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlElo/cACgkQ+gerLs4ltQ4urQCg2Kyr6CKZPp35fAK1G4OtzYc+
XD8An0fJZw5DHRxg1JPe9AzcLqpvRZc5
=hmpM
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list