New submission from Christian Heimes: Experimental fix for XML vulnerabilities against default. It's NOT ready and needs lots of polishing.
https://pypi.python.org/pypi/defusedxml contains explanations of all issues https://pypi.python.org/pypi/defusedexpat is a standalone version of part of the patches for Python 2.6 to 3.3 ---------- components: Extension Modules, Library (Lib), XML files: xmlbomb_20130219.patch keywords: patch messages: 182393 nosy: barry, benjamin.peterson, christian.heimes, georg.brandl, larry priority: release blocker severity: normal stage: needs patch status: open title: XML vulnerabilities in Python type: security versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4 Added file: http://bugs.python.org/file29122/xmlbomb_20130219.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17239> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com