Bug#705691: ITP: defusedxml -- XML bomb protection for Python stdlib modules
Package: wnpp
Severity: wishlist
Owner: Luke Faraone <lfaraone@debian.org>
* Package name    : defusedxml
  Version         : 0.4.1
  Upstream Author : Christian Heimes <christian@python.org>
* URL             : https://pypi.python.org/pypi/defusedxml
* License         : Python
  Programming Lang: Python
  Description     : XML bomb protection for Python stdlib modules
The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred bytes of XML data an attacker can occupy several
gigabytes of memory within seconds. An attacker can also keep
CPUs busy for a long time with a small to medium size request.
This library allows for XML to be parsed in a manner that avoids these
pitfalls.
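
Added example, not part of the original report and not defusedxml's own code: one way to avoid the expansion described above using only the standard library's expat binding, by refusing any document that declares entities, plus a helper that works out how large each entity would become without expanding it. The names parse_text, nominal_sizes, EntityDeclarationRejected and the NESTED sample are assumptions made for illustration.

```python
import contextlib
import re
import xml.parsers.expat

REF = re.compile(r"&([\w.-]+);")  # general entity reference inside a declared value
# Constructed sample: three levels of ten references each, harmless even if expanded.
NESTED = """<!DOCTYPE d [
  <!ENTITY a "0123456789">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<d>&c;</d>"""

class EntityDeclarationRejected(ValueError): "Hypothetical name: input declares an entity."
class _DtdDone(Exception): "Internal signal: the DTD has been read, stop parsing."

def _parse(xml_text, **handlers):
    parser = xml.parsers.expat.ParserCreate()
    for name, fn in handlers.items():
        setattr(parser, name, fn)  # e.g. parser.EntityDeclHandler = fn
    parser.Parse(xml_text, True)

def parse_text(xml_text):
    """Return the character data, refusing input that declares any entity."""
    chunks = []
    def reject(name, *rest):
        raise EntityDeclarationRejected(name)  # fires before anything is expanded
    _parse(xml_text, EntityDeclHandler=reject, CharacterDataHandler=chunks.append)
    return "".join(chunks)

def nominal_sizes(xml_text):
    """Characters each general entity would expand to, worked out arithmetically."""
    decls, sizes = {}, {}
    def record(name, is_param, value, *rest):
        if value is not None and not is_param:
            decls[name] = value  # nested references are still literal "&x;" here
    def stop():
        raise _DtdDone  # the document body is never read
    with contextlib.suppress(_DtdDone):
        _parse(xml_text, EntityDeclHandler=record, EndDoctypeDeclHandler=stop)
    def size(name, stack=()):
        if name in stack:
            raise ValueError("recursive entity: " + name)
        text = decls.get(name, "?")  # undeclared: assumed predefined (&amp; etc.), 1 char
        if name not in sizes:
            sizes[name] = len(REF.sub("", text)) + sum(
                size(ref, stack + (name,)) for ref in REF.findall(text))
        return sizes[name]
    return {name: size(name) for name in decls}
```

Each further level of nesting in a document like NESTED multiplies the final size by ten while adding only one short line of input, so rejecting the declaration is cheaper than bounding the expansion afterwards.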