cpython

mirror of https://github.com/python/cpython synced 2024-10-14 22:28:32 +00:00

History

Sebastian Pipping 0a01ed6c2a [3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . - Please treat as a security fix related to CVE-2023-52425. (cherry picked from commit `6a95676bb5`) (cherry picked from commit `73807eb634`) (cherry picked from commit `eda2963378`) --------- Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>		2024-03-06 22:01:45 +00:00
..
__init__.py
_exceptions.py
expatreader.py	[3.12] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) (GH-115623) (GH-116248)	2024-03-06 22:01:45 +00:00
handler.py
saxutils.py
xmlreader.py