Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-31 04:23:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Lib/xml/etree
History
Exact
Sebastian Pipping fc9da96274
[3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268) 
Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:

- `xml.etree.ElementTree.XMLParser.flush`
- `xml.etree.ElementTree.XMLPullParser.flush`
- `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled`
- `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled`
- `xml.sax.expatreader.ExpatParser.flush`

Based on the "flush" idea from #115138 (comment) .

- Please treat as a security fix related to CVE-2023-52425.

(cherry picked from commit 6a95676)
(cherry picked from commit 73807eb)
(cherry picked from commit eda2963)

---------

Includes code suggested-by: Snild Dolkow <snild@sony.com>
and by core dev Serhiy Storchaka.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2024-03-06 14:17:02 -08:00
..
__init__.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
cElementTree.py bpo-36543: Revert "bpo-36543: Remove the xml.etree.cElementTree module." (GH-20117) 2020-06-10 17:39:12 +02:00
ElementInclude.py Update URLs in comments and metadata to use HTTPS (GH-27458) 2021-07-30 15:54:46 +02:00
ElementPath.py gh-91447: Fix findtext to only give an empty string on None (GH-91486) 2022-08-01 14:22:33 -07:00
ElementTree.py [3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268) 2024-03-06 14:17:02 -08:00