On Thu, Feb 21, 2013 at 9:23 AM, Stephen J. Turnbull <[email protected]>wrote:
> Jesse Noller writes:
>
> > I guess someone need to write a proof of concept exploit for you
> > and release it into the wild.
>
> This is a bit ridiculous. This stuff looks easy enough that surely
> Christian's post informed any malicious body who didn't already know
> how to do it. If the exploit matters, it's already in the wild.
> ("Hey, didja know that an XML processor that expands entities does so
> recursively?" "Uh-oh ....")
>
Just to clarify for my own curiosity. These attacks (e.g.
http://en.wikipedia.org/wiki/Billion_laughs) have been known and public
since 2003?
Eli
_______________________________________________
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
