** Description changed:

  [Availability]
  Currently in universe
  
  [Rationale]
- python-pysaml2 now depends defusedxml
+ python-pysaml2 now depends defusedxml in order to fix CVE-2016-10149.
  
  [Security]
  Only these security histories were found but all them are already fixed.
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
  
  [Quality assurance]
- Package has a self test that are called in build/install time.
+ Package has a self test that are called in build/install time, but not a 
autopkgtests. 
  No bug reports were found for this package in debian bugtracker.
  No major bugs related to it in launchpad.
  
  [Dependencies]
  All the dependencies are in main (python-all, python3-all, debhelper, 
dh-python, python-setuptools, python3-setupotools)
  
  [Standards compliance]
   I haven't found any FHS or Debian policy violantions
  
  [Maintenance]
  To be decided
  
  [Background information]
  Package description: XML bomb protection for Python stdlib modules
  
  The results of an attack on a vulnerable XML library can be fairly
  dramatic.                                                                     
                    With just a few hundred bytes of XML data an attacker can 
occupy several
  gigabytes of memory within seconds. An attacker can also keep
  CPUs busy for a long time with a small to medium size request.
  This library allows for XML to be parsed in a manner that avoids these
  pitfalls.                                                                     
                                                                                
                                                                                
                                                                                
              This package contains the module for the Python 2 interpreter.
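
Review bot: the new [Rationale] line "python-pysaml2 now depends defusedxml in order to fix CVE-2016-10149" is missing "on" and does not name the python-pysaml2 version that introduces the dependency; adding it would make the request checkable. The [Security] section below still lists only the two 2013 CVE links, so it would also help to state there that CVE-2016-10149 is the python-pysaml2 issue from the rationale and not part of defusedxml's own security history.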

** Description changed:

  [Availability]
  Currently in universe
  
  [Rationale]
  python-pysaml2 now depends defusedxml in order to fix CVE-2016-10149.
  
  [Security]
  Only these security histories were found but all them are already fixed.
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
  
  [Quality assurance]
- Package has a self test that are called in build/install time, but not a 
autopkgtests. 
+ Package has a self test that are called in build/install time, but not a 
autopkgtests.
  No bug reports were found for this package in debian bugtracker.
  No major bugs related to it in launchpad.
  
  [Dependencies]
- All the dependencies are in main (python-all, python3-all, debhelper, 
dh-python, python-setuptools, python3-setupotools)
+ All the dependencies are in main (python-all, python3-all, debhelper, 
dh-python, python-setuptools, python3-setuptools)
  
  [Standards compliance]
   I haven't found any FHS or Debian policy violantions
  
  [Maintenance]
  To be decided
  
  [Background information]
  Package description: XML bomb protection for Python stdlib modules
  
  The results of an attack on a vulnerable XML library can be fairly
  dramatic.                                                                     
                    With just a few hundred bytes of XML data an attacker can 
occupy several
  gigabytes of memory within seconds. An attacker can also keep
  CPUs busy for a long time with a small to medium size request.
  This library allows for XML to be parsed in a manner that avoids these
  pitfalls.                                                                     
                                                                                
                                                                                
                                                                                
              This package contains the module for the Python 2 interpreter.
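
Review bot: in [Dependencies], the corrected list (python-all, python3-all, debhelper, dh-python, python-setuptools, python3-setuptools) names only build-time tooling. Label it as the build dependencies and add the runtime dependencies of the binary packages, or state that there are none beyond the interpreter.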

** Description changed:

  [Availability]
  Currently in universe
  
  [Rationale]
  python-pysaml2 now depends defusedxml in order to fix CVE-2016-10149.
  
  [Security]
  Only these security histories were found but all them are already fixed.
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
  
  [Quality assurance]
  Package has a self test that are called in build/install time, but not a 
autopkgtests.
  No bug reports were found for this package in debian bugtracker.
  No major bugs related to it in launchpad.
  
  [Dependencies]
  All the dependencies are in main (python-all, python3-all, debhelper, 
dh-python, python-setuptools, python3-setuptools)
  
  [Standards compliance]
-  I haven't found any FHS or Debian policy violantions
+  I haven't found any FHS or Debian policy violations
  
  [Maintenance]
  To be decided
  
  [Background information]
  Package description: XML bomb protection for Python stdlib modules
  
  The results of an attack on a vulnerable XML library can be fairly
  dramatic.                                                                     
                    With just a few hundred bytes of XML data an attacker can 
occupy several
  gigabytes of memory within seconds. An attacker can also keep
  CPUs busy for a long time with a small to medium size request.
  This library allows for XML to be parsed in a manner that avoids these
  pitfalls.                                                                     
                                                                                
                                                                                
                                                                                
              This package contains the module for the Python 2 interpreter.

** Description changed:

  [Availability]
  Currently in universe
  
  [Rationale]
  python-pysaml2 now depends defusedxml in order to fix CVE-2016-10149.
  
  [Security]
  Only these security histories were found but all them are already fixed.
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
  
  [Quality assurance]
- Package has a self test that are called in build/install time, but not a 
autopkgtests.
+ Package has a self test that are called in build/install time, but not an 
autopkgtests.
  No bug reports were found for this package in debian bugtracker.
  No major bugs related to it in launchpad.
  
  [Dependencies]
  All the dependencies are in main (python-all, python3-all, debhelper, 
dh-python, python-setuptools, python3-setuptools)
  
  [Standards compliance]
   I haven't found any FHS or Debian policy violations
  
  [Maintenance]
  To be decided
  
  [Background information]
  Package description: XML bomb protection for Python stdlib modules
  
  The results of an attack on a vulnerable XML library can be fairly
  dramatic.                                                                     
                    With just a few hundred bytes of XML data an attacker can 
occupy several
  gigabytes of memory within seconds. An attacker can also keep
  CPUs busy for a long time with a small to medium size request.
  This library allows for XML to be parsed in a manner that avoids these
  pitfalls.                                                                     
                                                                                
                                                                                
                                                                                
              This package contains the module for the Python 2 interpreter.
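
Review bot: the [Quality assurance] line still reads "a self test that are called in build/install time, but not an autopkgtests" after this edit, so the number agreement is wrong in both halves; "self tests that are run at build/install time, but no autopkgtest" would read correctly. Since the package description below is "XML bomb protection for Python stdlib modules", the missing autopkgtest deserves a follow-up item: the existing self tests could be run as an autopkgtest against the installed package.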

** Changed in: defusedxml (Ubuntu)
     Assignee: Leonidas S. Barbosa (leosilvab) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1713264

Title:
  [MIR] defusedxml
