Hi Mattia, Actually I havent. Looks like minidom is vulnerable to both [billion laughs] and [quadratic blowup].
Should we migrate to defusexml? What you think? (: 2017-07-21 14:22 GMT-03:00 Mattia Rizzolo <mat...@debian.org>: > On Fri, Jul 21, 2017 at 10:48:07AM +0100, Chris Lamb wrote: > > … And I've now also merged the code into our Git repo. Thanks! > > Did you both go through > https://docs.python.org/3/library/xml.html#xml-vulnerabilities and > decided that the standard minidom was safe for our usages? > > -- > regards, > Mattia Rizzolo > > GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. > more about me: https://mapreri.org : :' : > Launchpad user: https://launchpad.net/~mapreri `. `'` > Debian QA page: https://qa.debian.org/developer.php?login=mattia `- >
