[Bug 1713264] Re: [MIR] defusedxml

Matthias Klose doko at ubuntu.com
Thu Aug 31 10:51:43 UTC 2017


Override component to main
defusedxml 0.5.0-1ubuntu1 in artful: universe/misc -> main
python-defusedxml 0.5.0-1ubuntu1 in artful amd64: universe/python/optional/100% -> main
python-defusedxml 0.5.0-1ubuntu1 in artful arm64: universe/python/optional/100% -> main
python-defusedxml 0.5.0-1ubuntu1 in artful armhf: universe/python/optional/100% -> main
python-defusedxml 0.5.0-1ubuntu1 in artful i386: universe/python/optional/100% -> main
python-defusedxml 0.5.0-1ubuntu1 in artful ppc64el: universe/python/optional/100% -> main
python-defusedxml 0.5.0-1ubuntu1 in artful s390x: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful amd64: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful arm64: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful armhf: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful i386: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful ppc64el: universe/python/optional/100% -> main
python3-defusedxml 0.5.0-1ubuntu1 in artful s390x: universe/python/optional/100% -> main
13 publications overridden.


** Changed in: defusedxml (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1713264

Title:
  [MIR] defusedxml

Status in defusedxml package in Ubuntu:
  Fix Released

Bug description:
  [Availability]
  Currently in universe

  [Rationale]
  python-pysaml2 now depends on defusedxml in order to fix CVE-2016-10149.

  [Security]
  Only these security histories were found, but all of them are already fixed.
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664

  [Quality assurance]
  Package has self tests that are called at build/install time, but no autopkgtests.
  No bug reports were found for this package in the Debian bug tracker.
  No major bugs related to it in launchpad.

  [Dependencies]
  All the dependencies are in main (python-all, python3-all, debhelper, dh-python, python-setuptools, python3-setuptools)

  [Standards compliance]
  I haven't found any FHS or Debian policy violations

  [Maintenance]
  Ubuntu-openstack

  [Background information]
  Package description: XML bomb protection for Python stdlib modules

  The results of an attack on a vulnerable XML library can be fairly
  dramatic. With just a few hundred bytes of XML data an attacker can occupy several
  gigabytes of memory within seconds. An attacker can also keep
  CPUs busy for a long time with a small to medium size request.
  This library allows for XML to be parsed in a manner that avoids these
  pitfalls.

  This package contains the module for the Python 2 interpreter.
