cpython.git - https://github.com/python/cpython.git

diff options

author	Sebastian Pipping <sebastian@pipping.org>	2024-03-06 22:01:45 (GMT)
committer	GitHub <noreply@github.com>	2024-03-06 22:01:45 (GMT)
commit	0a01ed6c2a116bd3e174fce33c21d84d650de569 (patch)
tree	4172262e4a616c388212b133b9840eafa7c12932 /Lib/http/cookiejar.py
parent	2528e46470162dd12a625ccb5dfe35fb7bcac1d3 (diff)
download	cpython-0a01ed6c2a116bd3e174fce33c21d84d650de569.zip cpython-0a01ed6c2a116bd3e174fce33c21d84d650de569.tar.gz cpython-0a01ed6c2a116bd3e174fce33c21d84d650de569.tar.bz2

[3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248)

Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . - Please treat as a security fix related to CVE-2023-52425. (cherry picked from commit 6a95676bb526261434dd068d6c49927c44d24a9b) (cherry picked from commit 73807eb634315f70a464a18feaae33d9e065de09) (cherry picked from commit eda2963378a3c292cf6bb202bb00e94e46ee6d90) --------- Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>

Diffstat (limited to 'Lib/http/cookiejar.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: