gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) by hartwork · Pull Request #115623 · python/cpython
gpshead added a commit that referenced this pull request
…-52425) (GH-115623) (GH-116248)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from #115138 (comment) .
- Please treat as a security fix related to CVE-2023-52425.
(cherry picked from commit 6a95676) (cherry picked from commit 73807eb) (cherry picked from commit eda2963)
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith greg@krypto.org
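Three of the methods listed in the commit message above, exercised on a start tag split across two chunks. This is an added example, not code from the pull request; `CHUNKS` and the helper names are constructed here, and the methods are probed with `hasattr` because they were backported as a security fix rather than tied to one Python version.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed input: one start tag split across two feed()/Parse() calls.
CHUNKS = ("<doc", ">")

# The methods were backported as a security fix, so probe for them
# instead of comparing Python version numbers.
HAVE_FLUSH = hasattr(ET.XMLPullParser, "flush")
HAVE_TOGGLE = hasattr(expat.XMLParserType, "SetReparseDeferralEnabled")


def deferral_supported():
    """True if pyexpat can report and control reparse deferral."""
    return HAVE_TOGGLE and expat.ParserCreate().GetReparseDeferralEnabled()


def pull_events(use_flush):
    """Events an XMLPullParser exposes after CHUNKS, before any close().

    use_flush=True requires HAVE_FLUSH.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    for chunk in CHUNKS:
        parser.feed(chunk)
    if use_flush:
        parser.flush()  # parse what is buffered now; deferral stays enabled
    return [(event, elem.tag) for event, elem in parser.read_events()]


def expat_starts(deferral_enabled):
    """Same input through pyexpat. Requires HAVE_TOGGLE."""
    started = []
    parser = expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: started.append(name)
    parser.SetReparseDeferralEnabled(deferral_enabled)
    for chunk in CHUNKS:
        parser.Parse(chunk, False)
    return started, parser.GetReparseDeferralEnabled()


if __name__ == "__main__":
    print("Expat", expat.version_info, "deferral control:", deferral_supported())
    print("no flush:", pull_events(use_flush=False))
    if HAVE_FLUSH:
        print("flush   :", pull_events(use_flush=True))
    if HAVE_TOGGLE:
        print("deferral on :", expat_starts(True))
        print("deferral off:", expat_starts(False))
```

Reparse deferral is the Expat-side mitigation for CVE-2023-52425, so calling `flush()` at the points where events are needed keeps it in force, whereas `SetReparseDeferralEnabled(False)` turns it off for the whole parser.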
hartwork added a commit to hartwork/cpython that referenced this pull request
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from python#115138 (comment) .
- Please treat as a security fix related to CVE-2023-52425.
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
(cherry picked from commit 6a95676)
gpshead added a commit that referenced this pull request
…-52425) (GH-115623) (#116268)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from #115138 (comment) .
- Please treat as a security fix related to CVE-2023-52425.
(cherry picked from commit 6a95676) (cherry picked from commit 73807eb) (cherry picked from commit eda2963)
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith greg@krypto.org
ambv pushed a commit that referenced this pull request
…-52425) (GH-115623) (GH-116270)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from #115138 (comment) .
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith greg@krypto.org
ambv pushed a commit that referenced this pull request
…52425) (GH-115623) (GH-116272)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from #115138 (comment) .
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith greg@krypto.org
ambv pushed a commit that referenced this pull request
…52425) (GH-115623) (GH-116275)
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from #115138 (comment) .
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith greg@krypto.org
mcepl mentioned this pull request
adorilson pushed a commit to adorilson/cpython that referenced this pull request
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from python#115138 (comment) .
Notes
- Please treat as a security fix related to CVE-2023-52425.
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
adorilson pushed a commit to adorilson/cpython that referenced this pull request
…nabled addition (pythonGH-116301)
- Increment PyExpat_CAPI_MAGIC due to SetReparseDeferralEnabled addition.
This is a followup to git commit 6a95676 from Github PR python#115623.
- RESTify news API list.
diegorusso pushed a commit to diegorusso/cpython that referenced this pull request
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
- xml.etree.ElementTree.XMLParser.flush
- xml.etree.ElementTree.XMLPullParser.flush
- xml.parsers.expat.xmlparser.GetReparseDeferralEnabled
- xml.parsers.expat.xmlparser.SetReparseDeferralEnabled
- xml.sax.expatreader.ExpatParser.flush
Based on the "flush" idea from python#115138 (comment) .
Notes
- Please treat as a security fix related to CVE-2023-52425.
Includes code suggested-by: Snild Dolkow snild@sony.com and by core dev Serhiy Storchaka.
diegorusso pushed a commit to diegorusso/cpython that referenced this pull request
…nabled addition (pythonGH-116301)
- Increment PyExpat_CAPI_MAGIC due to SetReparseDeferralEnabled addition.
This is a followup to git commit 6a95676 from Github PR python#115623.
- RESTify news API list.