[New-bugs-announce] [issue17239] XML vulnerabilities in Python

Christian Heimes report at bugs.python.org
Tue Feb 19 16:35:41 CET 2013

New submission from Christian Heimes:

Experimental fix for XML vulnerabilities against default. It's NOT ready and needs lots of polishing.

https://pypi.python.org/pypi/defusedxml contains explanations of all issues
https://pypi.python.org/pypi/defusedexpat is a standalone version of part of the patches for Python 2.6 to 3.3

components: Extension Modules, Library (Lib), XML
files: xmlbomb_20130219.patch
keywords: patch
messages: 182393
nosy: barry, benjamin.peterson, christian.heimes, georg.brandl, larry
priority: release blocker
severity: normal
stage: needs patch
status: open
title: XML vulnerabilities in Python
type: security
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4
Added file: http://bugs.python.org/file29122/xmlbomb_20130219.patch

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list