Re: [Python-Dev] XML DoS vulnerabilities and exploits in Python

Christian Heimes 2013年2月20日 14:08:31 -0800

Am 20.02.2013 22:02, schrieb Carl Meyer:
> Also, despite the title of this thread, the vulnerabilities include
> fetching of external DTDs and entities (per standard), which opens up
> attacks that are worse than just denial-of-service. In our initial
> Django release advisory we carelessly lumped the potential XML
> vulnerabilities together under the "DoS" label, and were quickly corrected.

Right, I tried to address both kinds of issues in the title:
 XML DoS vulnerabilities and (other XML) exploits
Christian
_______________________________________________
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

• Previous message
• View by thread
• View by date
• Next message

• [Python-Dev] XML DoS vulnerabilities and exploits in Py... Christian Heimes
• • Re: [Python-Dev] XML DoS vulnerabilities and explo... Benjamin Peterson
  • • Re: [Python-Dev] XML DoS vulnerabilities and e... Christian Heimes
    • • Re: [Python-Dev] XML DoS vulnerabilities a... Maciej Fijalkowski
      • • Re: [Python-Dev] XML DoS vulnerabiliti... Skip Montanaro
        • • Re: [Python-Dev] XML DoS vulnerab... Carl Meyer
          • • Re: [Python-Dev] XML DoS vuln... Christian Heimes
            • Re: [Python-Dev] XML DoS vuln... Greg Ewing
            • • Re: [Python-Dev] XML DoS ... R. David Murray
              • Re: [Python-Dev] XML DoS ... Fred Drake
              • Re: [Python-Dev] XML DoS ... Christian Heimes
              • Re: [Python-Dev] XML DoS ... Donald Stufft
              • Re: [Python-Dev] XML DoS ... Christian Heimes
              • Re: [Python-Dev] XML DoS ... Carl Meyer
        • Re: [Python-Dev] XML DoS vulnerabiliti... Christian Heimes
        • • Re: [Python-Dev] XML DoS vulnerab... Antoine Pitrou
          • • Re: [Python-Dev] XML DoS vuln... Donald Stufft