[xml-sig] Hash DoS in PyXML

martin at v.loewis.de martin at v.loewis.de
Thu Aug 16 14:15:37 CEST 2012

> I'm writing to you about the Hash DoS vulnerability
> (http://www.ocert.org/advisories/ocert-2011-003.html). It appears that
> PyXML is affected by this issue however I'm not sure yet if the Python
> hash DoS fixes correct it (PyXML appears to also have an embedded copy
> of expat). I was wondering if you were aware of this issue and if it's
> being looked into. Thanks in advance.

I am aware of the issue, and it's *not* being looked into, and it will
*not* be fixed. PyXML is no longer maintained (and hasn't been for nearly
a decade).


More information about the xml-sig mailing list