[xml-sig] Hash DoS in PyXML
kseifried at redhat.com
Wed Feb 22 00:20:25 CET 2012
Apologies if this is the incorrect email contact point, if so can you
please let me know whom to contact instead?
I'm writing to you about the Hash DoS vulnerability
(http://www.ocert.org/advisories/ocert-2011-003.html). It appears that
PyXML is affected by this issue however I'm not sure yet if the Python
hash DoS fixes correct it (PyXML appears to also have an embedded copy
of expat). I was wondering if you were aware of this issue and if it's
being looked into. Thanks in advance.
Kurt Seifried Red Hat Security Response Team (SRT)
More information about the xml-sig