Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://python-security.readthedocs.io/vuln/xml-pakage-ignore-environment.html below:

xml package does not obey ignore_environment — Python Security 0.0 documentation

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.

On two occasions, the xml package uses environment variables to override parser / DOM implementations: xml.sax package and xml.dom.domreg module. On both occasions, the code should not use env vars to override module names, when the interpreter is started with flags like -E or -I.

Dates:

• Disclosure date: 2018-09-24 (Python issue bpo-34791 reported)

• Python 2.7.16 (2019-03-02) fixed by commit 2546ac8 (branch 2.7) (2018-10-19)

• Python 3.4.10 (2019-03-18) fixed by commit 765d333 (branch 3.4) (2019-02-25)

• Python 3.5.7 (2019-03-18) fixed by commit 7cd08cf (branch 3.5) (2019-02-26)

• Python 3.6.8 (2018-12-23) fixed by commit 5e808f9 (branch 3.6) (2018-10-19)

• Python 3.7.2 (2018-12-23) fixed by commit c119d59 (branch 3.7) (2018-10-19)

• Python 3.8.0 (2019-10-14) fixed by commit 223e501 (branch 3.8) (2018-09-24)

xml package does not obey sys.flags.ignore_environment.

• Python issue: bpo-34791

• Creation date: 2018-09-24

• Reporter: Christian Heimes

Timeline using the disclosure date 2018-09-24 as reference:

• 2018-09-24: Python issue bpo-34791 reported by Christian Heimes

• 2018-09-24: commit 223e501 (branch 3.8)

• 2018-10-19 (+25 days): commit 2546ac8 (branch 2.7)

• 2018-10-19 (+25 days): commit 5e808f9 (branch 3.6)

• 2018-10-19 (+25 days): commit c119d59 (branch 3.7)

• 2018-12-23 (+90 days): Python 3.6.8 released

• 2018-12-23 (+90 days): Python 3.7.2 released

• 2019-02-25 (+154 days): commit 765d333 (branch 3.4)

• 2019-02-26 (+155 days): commit 7cd08cf (branch 3.5)

• 2019-03-02 (+159 days): Python 2.7.16 released

• 2019-03-18 (+175 days): Python 3.4.10 released

• 2019-03-18 (+175 days): Python 3.5.7 released

• 2019-10-14: Python 3.8.0 released

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4