On Feb 21, 2013, at 5:32 AM, Antoine Pitrou <solipsis at pitrou.net> wrote: > Le Thu, 21 Feb 2013 11:18:35 +0100, > Christian Heimes <christian at python.org> a écrit : >> Am 21.02.2013 08:42, schrieb Antoine Pitrou: >>> Sure, but in many instances, rebooting a machine is not >>> business-threatening. You will have a couple of minutes' downtime >>> and that's all. Which is why the attack must be repeated many times >>> to be a major annoyance. >> >> Is this business-threatening enough? >> >> https://pypi.python.org/pypi/defusedxml#external-entity-expansion-remote > > You haven't proved that these were actual threats, nor how they > actually worked. I'm gonna remain skeptical if there isn't anything > more precise than "It highly depends on the parser and the application > what kind of exploit is possible". > > Regards > > Antoine. > I guess someone need to write a proof of concept exploit for you and release it into the wild. Ok > > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/jnoller%40gmail.com
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4