Comment 25 for bug 1100282
Revision history for this message
| Thierry Carrez (ttx) wrote Re: DoS through XML entity expansion | #25 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
@Doug: I'm not sure this should be considered a Python vulnerability, unless there is no way of disabling parsing of extensions in minidom. You could argue that the default should be safer, or that documentation should be clearer...
Who do you recommend we talk to at this point ? Security team ? Christian (email?) ?