Bug#705691: ITP: defusedxml -- XML bomb protection for Python stdlib modules

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#705691: ITP: defusedxml -- XML bomb protection for Python stdlib modules
From: Luke Faraone <lfaraone@debian.org>
Date: Thu, 18 Apr 2013 11:46:19 -0400
Message-id: <[🔎] 20130418154619.27128.72164.reportbug@COBALT.MIT.EDU>
Reply-to: Luke Faraone <lfaraone@debian.org>, 705691@bugs.debian.org

Package: wnpp
Severity: wishlist
Owner: Luke Faraone <lfaraone@debian.org>

* Package name    : defusedxml
  Version         : 0.4.1
  Upstream Author : Christian Heimes <christian@python.org>
* URL             : https://pypi.python.org/pypi/defusedxml
* License         : Python
  Programming Lang: Python
  Description     : XML bomb protection for Python stdlib modules

The results of an attack on a vulnerable XML library can be fairly dramatic.
With just a few hundred bytes of XML data an attacker can occupy several
gigabytes of memory within seconds. An attacker can also keep
CPUs busy for a long time with a small to medium size request.

This library allows for XML to be parsed in a manner that avoids these
pitfalls.

Reply to:

Follow-Ups:
- Bug#705691: marked as done (ITP: defusedxml -- XML bomb protection for Python stdlib modules)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#705006: marked as done (ITP: libtype-tiny-perl -- tiny, yet Moo(se)-compatible type constraint)
Next by Date: Processed: tagging 705691
Previous by thread: Bug#703359: marked as done (ITP: ruby-mobile-fu -- allows detecting mobile devices that access a Rails application)
Next by thread: Bug#705691: marked as done (ITP: defusedxml -- XML bomb protection for Python stdlib modules)
Index(es):
- Date
- Thread