[Bug 1713264] Re: [MIR] defusedxml
James Page
james.page at ubuntu.com
Thu Aug 31 09:10:11 UTC 2017
Update with amended d/copyright uploaded to artful; I'll submit that
back to Debian as well.
** Changed in: defusedxml (Ubuntu)
Status: Incomplete => New
** Changed in: defusedxml (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1713264
Title:
[MIR] defusedxml
Status in defusedxml package in Ubuntu:
New
Bug description:
[Availability]
Currently in universe
[Rationale]
python-pysaml2 now depends on defusedxml in order to fix CVE-2016-10149.
[Security]
Only these security histories were found, but all of them are already fixed.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
[Quality assurance]
Package has a self test that is called at build/install time, but not an autopkgtest.
No bug reports were found for this package in the Debian bug tracker.
No major bugs related to it in Launchpad.
[Dependencies]
All the dependencies are in main (python-all, python3-all, debhelper, dh-python, python-setuptools, python3-setuptools)
[Standards compliance]
I haven't found any FHS or Debian policy violations
[Maintenance]
Ubuntu-openstack
[Background information]
Package description: XML bomb protection for Python stdlib modules
The results of an attack on a vulnerable XML library can be fairly
dramatic. With just a few hundred bytes of XML data an attacker can occupy several
gigabytes of memory within seconds. An attacker can also keep
CPUs busy for a long time with a small to medium size request.
This library allows for XML to be parsed in a manner that avoids these
pitfalls. This package contains the module for the Python 2 interpreter.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/defusedxml/+bug/1713264/+subscriptions
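The package description above concerns entity expansion in XML parsers. As an added example (not part of the bug report and not defusedxml's own code), this stdlib-only sketch shows one way to refuse any document that declares an entity before expansion can happen; the names `EntitiesForbidden` and `parse_no_entities` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class EntitiesForbidden(ValueError):
    """Document tried to declare an entity (name chosen for this example)."""


def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    # Fires for every <!ENTITY ...> in the DTD, internal or external,
    # before any reference to it can be expanded.
    raise EntitiesForbidden("entity declaration refused: %r" % name)


def parse_no_entities(data):
    """Build an ElementTree element from bytes, refusing entity declarations."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = _reject_entity
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


# Constructed samples: a plain document and a tiny two-level nested entity.
PLAIN = b"<r>hello</r>"
NESTED = b'<!DOCTYPE r [<!ENTITY a "xx"><!ENTITY b "&a;&a;">]><r>&b;</r>'


def demo():
    # The stock ElementTree parser expands the nested entities in place.
    expanded = ET.fromstring(NESTED).text
    try:
        parse_no_entities(NESTED)
        refused = False
    except EntitiesForbidden:
        refused = True
    return expanded, refused, parse_no_entities(PLAIN).text


if __name__ == "__main__":
    print(demo())
```

The handler runs while the DTD is being read, so the document is rejected whatever the size of the expansion it describes.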