Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-08 06:10:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Modules/expat
History
Bénédikt Tran bf2865f80f
[3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139359) 
* [3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.

(cherry picked from commit f04bea44c3)
(cherry picked from commit 68a1778b77)
2025-11-02 09:33:36 +00:00
..
ascii.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
asciitab.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
COPYING gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006) 2022-09-22 21:25:05 +09:00
expat.h [3.14] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139376) 2025-09-27 08:10:07 +02:00
expat_config.h gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
expat_external.h [3.14] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139024) 2025-09-17 15:41:02 +03:00
iasciitab.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
internal.h [3.14] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139376) 2025-09-27 08:10:07 +02:00
latin1tab.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
nametab.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
pyexpatns.h [3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139359) 2025-11-02 09:33:36 +00:00
refresh.sh [3.14] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139376) 2025-09-27 08:10:07 +02:00
siphash.h gh-123678: Upgrade libexpat 2.6.3 (#123689) 2024-09-04 12:57:16 -07:00
utf8tab.h bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) 2021-08-29 16:08:24 +02:00
winconfig.h gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
xmlparse.c [3.14] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139376) 2025-09-27 08:10:07 +02:00
xmlrole.c gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
xmlrole.h [3.14] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139376) 2025-09-27 08:10:07 +02:00
xmltok.c [3.14] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139024) 2025-09-17 15:41:02 +03:00
xmltok.h [3.14] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139024) 2025-09-17 15:41:02 +03:00
xmltok_impl.c gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431) 2024-02-14 16:29:06 +00:00
xmltok_impl.h gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742) 2022-10-27 13:45:12 -07:00
xmltok_ns.c bpo-46400: Update libexpat from 2.4.1 to 2.4.4 (GH-31022) 2022-02-13 00:29:41 +09:00