[Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Tue Mar 26 19:41:46 CET 2013

• Previous message: [Python-Dev] [RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1
• Next message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 26 Mar 2013 17:53:39 +0100 (CET) christian.heimes <python-checkins at python.org> wrote:

+ +The XML processing modules are not secure against maliciously constructed data. +An attacker can abuse vulnerabilities for e.g. denial of service attacks, to +access local files, to generate network connections to other machines, or +to or circumvent firewalls.

Really? Where does the "access local files, generate network connections, circumvent firewalls" allegation come from?

Regards

Antoine.

• Previous message: [Python-Dev] [RELEASED] Python 3.2.4 rc 1 and Python 3.3.1 rc 1
• Next message: [Python-Dev] cpython (2.7): Issue 17538: Document XML vulnerabilties
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list