[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)

Maciej Fijalkowski fijall at gmail.com
Thu Feb 21 17:00:02 CET 2013

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 21, 2013 at 6:35 AM, Tres Seaver <tseaver at palladion.com> wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 02/20/2013 09:08 PM, Barry Warsaw wrote: On Feb 21, 2013, at 10:38 AM, Nick Coghlan wrote:

- make it possible to enable safer behaviour globally in at least 2.7 and 3.3 (and perhaps in 2.6 and 3.2 security releases as well) I want to be fairly conservative with 2.6.9. I believe that the same rationale should apply as that for adding hash randomization in 2.6.8: this is at least as bad a vulnerability, with many more vectors of attack.

FYI the hash randomization is broken (it only allows 256 really different hashes)

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list