python installer that we use: pywin32-218.win-amd64-py2.7.exe
lxml --> lxml-3.3.4.win-amd64-py2.7.exe (it comes with 2.9.0 version of libxml2)
Regards,
Swarna
On Tue, Sep 5, 2017 at 11:59 PM, Stefan Behnel <stefan_ml@behnel.de> wrote:
Hi,
Swarnalatha Kannan schrieb am 05.09.2017 um 17:55:
> I would like to know if security vulnerabilities on libxml2 holds good for
> lxml. We are using lxml-3.3.4.win-amd64-py2.7.exe in our project. After
> installation, I could only see .h files inside libxml fodler of lxml.
> (C:\Python27\Lib\site-packages\lxml\includes\libxml). I would like to know The header files are only there for external code that wants to compile
> about the implementations of these header file functions. Because most of
> the vulnerabilities mentioned are part of .c files. Kindly get back.
against lxml. What you are interested in is the libxml2 version that the
Windows binaries include. You can look that up in lxml itself:
print("%-20s: %s" % ('lxml.etree', etree.LXML_VERSION))
print("%-20s: %s" % ('libxml used', etree.LIBXML_VERSION))
print("%-20s: %s" % ('libxml compiled', etree.LIBXML_COMPILED_VERSION))
print("%-20s: %s" % ('libxslt used', etree.LIBXSLT_VERSION))
print("%-20s: %s" % ('libxslt compiled', etree.LIBXSLT_COMPILED_VERSION))
lxml 3.3.4 is hugely old and probably comes with some 2.7.x version of
libxml2, maybe 2.7.8. These old versions have bugs that most likely include
security relevant ones.
I recomment switching to Python 3.5 or 3.6. The corresponding lxml wheels
for Windows come with more recent library versions.
Stefan
____________________________________________________________ _____
Mailing list for the lxml Python XML toolkit - http://lxml.de/
lxml@lxml.de
https://mailman-mail5.webfaction.com/listinfo/lxml