On Thu, 21 Feb 2013 11:18:35 +0100,
Christian Heimes <christ...@python.org> wrote:
> On 21.02.2013 08:42, Antoine Pitrou wrote:
> > Sure, but in many instances, rebooting a machine is not
> > business-threatening. You will have a couple of minutes' downtime
> > and that's all. Which is why the attack must be repeated many times
> > to be a major annoyance.
> 
> Is this business-threatening enough?
> 
> https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote

You haven't proved that these were actual threats, nor how they
actually worked. I'm gonna remain skeptical if there isn't anything
more precise than "It highly depends on the parser and the application
what kind of exploit is possible".

Regards

Antoine.

