20 Feb
2013
20 Feb
'13
4:25 p.m.
2013/2/19 Christian Heimes
Hello,
in August 2012 I found a DoS vulnerability in expat and XML libraries in Python's standard library. Since then I have found several more issues. I have been working on fixes ever since.
The README of https://pypi.python.org/pypi/defusedxml contains detailed explanations of my research and all issues
Blog post: http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
Hotfixes: https://pypi.python.org/pypi/defusedxml https://pypi.python.org/pypi/defusedexpat
Are these going to become patches for Python, too? -- Regards, Benjamin