On Mar 26, 2013, at 2:41 PM, Antoine Pitrou <solip...@pitrou.net> wrote:
> On Tue, 26 Mar 2013 17:53:39 +0100 (CET) > christian.heimes <python-check...@python.org> wrote: >> + >> +The XML processing modules are not secure against maliciously constructed >> data. >> +An attacker can abuse vulnerabilities for e.g. denial of service attacks, to >> +access local files, to generate network connections to other machines, or >> +to or circumvent firewalls. > > Really? Where does the "access local files, generate network > connections, circumvent firewalls" allegation come from? https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote https://pypi.python.org/pypi/defusedxml#external-entity-expansion-local-file https://pypi.python.org/pypi/defusedxml#dtd-retrieval > > Regards > > Antoine. > > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > http://mail.python.org/mailman/options/python-dev/donald%40stufft.io ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com