This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Jim.Jewett
Recipients Arfrever, Jim.Jewett, amaury.forgeotdarc, barry, benjamin.peterson, dmalcolm, georg.brandl, gregory.p.smith, pitrou, python-dev
Date 2012-03-15.20:50:27
SpamBayes Score 0.081326656
Marked as misclassified No
Message-id <1331844628.28.0.456246716545.issue14234@psf.upfronthosting.co.za>
In-reply-to
Content 
Looking at http://sourceforge.net/projects/expat/files/expat/2.1.0/, so long as XML_ATTR_INFO isn't defined at compile time, the changes are all considered bugfixes, and the XML_SetHashSalt is the only other changed API.

Is a potential Denial of Service really worse than a crash, such as these fixed bugs:

http://sourceforge.net/tracker/?func=detail&aid=2894085&group_id=10127&atid=110127

http://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127
History
Date User Action Args
2012-03-15 20:50:28Jim.Jewettsetrecipients: + Jim.Jewett, barry, georg.brandl, gregory.p.smith, amaury.forgeotdarc, pitrou, benjamin.peterson, Arfrever, dmalcolm, python-dev
2012-03-15 20:50:28Jim.Jewettsetmessageid: <1331844628.28.0.456246716545.issue14234@psf.upfronthosting.co.za>
2012-03-15 20:50:27Jim.Jewettlinkissue14234 messages
2012-03-15 20:50:27Jim.Jewettcreate