[Python-Dev] XML DoS vulnerabilities and exploits in Python

Benjamin Peterson benjamin at python.org
Wed Feb 20 17:25:29 CET 2013

2013/2/19 Christian Heimes <christian at python.org>:
> Hello,
> in August 2012 I found a DoS vulnerability in expat and XML libraries in
> Python's standard library. Since then I have found several more issues.
> I have been working on fixes ever since.
> The README of https://pypi.python.org/pypi/defusedxml contains detailed
> explanations of my research and all issues.
> Blog post:
> http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
> Hotfixes:
> https://pypi.python.org/pypi/defusedxml
> https://pypi.python.org/pypi/defusedexpat

Are these going to become patches for Python, too?

