cpython

mirror of https://github.com/python/cpython.git synced 2025-12-31 12:33:28 +00:00

History

Sebastian Pipping fc9da96274 [3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268 ) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from #115138 (comment) . - Please treat as a security fix related to CVE-2023-52425. (cherry picked from commit `6a95676`) (cherry picked from commit `73807eb`) (cherry picked from commit `eda2963`) --------- Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>		2024-03-06 14:17:02 -08:00
..
__init__.py	Remove binding of captured exceptions when not used to reduce the chances of creating cycles (GH-17246)	2019-11-19 21:34:03 +00:00
_exceptions.py	Issue #16714 : use 'raise' exceptions, don't 'throw'.	2012-12-18 21:14:22 +02:00
expatreader.py	[3.11] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (#116268 )	2024-03-06 14:17:02 -08:00
handler.py	bpo-35018: Sax parser should provide user access to lexical handlers (GH-20958)	2020-08-09 12:50:53 +02:00
saxutils.py	bpo-31658: Make xml.sax.parse accepting Path objects (GH-8564)	2019-04-14 11:16:54 +02:00
xmlreader.py	Issue #2175 : SAX parsers now support a character stream of InputSource object.	2015-04-02 21:00:13 +03:00