[issue42051] [security] Avoid plistlib XML vulnerabilities by rejecting entity directives

2020-10-26 Thread STINNER Victor 


STINNER Victor  added the comment:

Thanks Ronald Oussoren for the fix. It's better to fix a vulnerability (denial 
of service in this case) rather than documenting it :-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42051] [security] Avoid plistlib XML vulnerabilities by rejecting entity directives

2020-10-19 Thread Ned Deily 


Change by Ned Deily :


--
keywords: +security_issue
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
title: plistlib inherits XML vulnerabilities: we should document them -> 
[security] Avoid plistlib XML vulnerabilities by rejecting entity directives
versions: +Python 3.6, Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com