[Python-checkins] cpython (3.5): Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of

guido.van.rossum python-checkins at python.org
Thu Oct 13 17:33:11 EDT 2016

• Previous message (by thread): [Python-checkins] cpython (3.5): Issue #26869: Document unittest.TestCase.longMessage. (Mariatta)
• Next message (by thread): [Python-checkins] cpython (2.7): Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/e05c546062a1
changeset: 104481:e05c546062a1
branch: 3.5
parent: 104478:7eb4fe57492f
user: Guido van Rossum <guido at python.org>
date: Thu Oct 13 14:31:50 2016 -0700
summary:
 Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of No/Yes.
files:
 Doc/library/xml.rst | 18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Doc/library/xml.rst b/Doc/library/xml.rst
--- a/Doc/library/xml.rst
+++ b/Doc/library/xml.rst
@@ -60,15 +60,15 @@
 The following table gives an overview of the known attacks and whether
 the various modules are vulnerable to them.
 
-========================= ======== ========= ========= ======== =========
-kind sax etree minidom pulldom xmlrpc
-========================= ======== ========= ========= ======== =========
-billion laughs **Yes** **Yes** **Yes** **Yes** **Yes**
-quadratic blowup **Yes** **Yes** **Yes** **Yes** **Yes**
-external entity expansion **Yes** No (1) No (2) **Yes** No (3)
-`DTD`_ retrieval **Yes** No No **Yes** No
-decompression bomb No No No No **Yes**
-========================= ======== ========= ========= ======== =========
+========================= ============== =============== ============== ============== ==============
+kind sax etree minidom pulldom xmlrpc
+========================= ============== =============== ============== ============== ==============
+billion laughs **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
+quadratic blowup **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable** **Vulnerable**
+external entity expansion **Vulnerable** Safe (1) Safe (2) **Vulnerable** Safe (3)
+`DTD`_ retrieval **Vulnerable** Safe Safe **Vulnerable** Safe
+decompression bomb Safe Safe Safe Safe **Vulnerable**
+========================= ============== =============== ============== ============== ==============
 
 1. :mod:`xml.etree.ElementTree` doesn't expand external entities and raises a
 :exc:`ParserError` when an entity occurs.
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message (by thread): [Python-checkins] cpython (3.5): Issue #26869: Document unittest.TestCase.longMessage. (Mariatta)
• Next message (by thread): [Python-checkins] cpython (2.7): Issue #18789: Update XML vulnerability table to use Safe/Vulnerable instead of
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list