cpython.git - https://github.com/python/cpython.git

diff options

author	Sebastian Pipping <sebastian@pipping.org>	2024-02-29 22:52:50 (GMT)
committer	GitHub <noreply@github.com>	2024-02-29 22:52:50 (GMT)
commit	6a95676bb526261434dd068d6c49927c44d24a9b (patch)
tree	e610bee9b3ca230b4e157745ebbe38c8a9923f89 /Modules/winreparse.h
parent	d01886c5c9e3a62921b304ba7e5145daaa56d3cf (diff)
download	cpython-6a95676bb526261434dd068d6c49927c44d24a9b.zip cpython-6a95676bb526261434dd068d6c49927c44d24a9b.tar.gz cpython-6a95676bb526261434dd068d6c49927c44d24a9b.tar.bz2

gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623)

Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . ### Notes - Please treat as a security fix related to CVE-2023-52425. Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka.

Diffstat (limited to 'Modules/winreparse.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: