** Description changed: - python-pysaml2 now depends on defusedxml which is in universe, and is - blocked in -proposed because of this dependency. Filing a stub MIR bug. + [Availability] + Currently in universe + + [Rationale] + python-pysaml2 now depends defusedxml + + [Security] + Only these security histories were found but all them are already fixed. + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664 + + [Quality assurance] + Package has a self test that are called in build/install time. + No bug reports were found for this package in debian bugtracker. + No major bugs related to it in launchpad. + + [Dependencies] + All the dependencies are in main (python-all, python3-all, debhelper, dh-python, python-setuptools, python3-setupotools) + + [Standards compliance] + I haven't found any FHS and and Debian policy violantions + + [Maintenance] + To be decided + + [Background information] + Package description: XML bomb protection for Python stdlib modules + + The results of an attack on a vulnerable XML library can be fairly + dramatic. With just a few hundred bytes of XML data an attacker can occupy several + gigabytes of memory within seconds. An attacker can also keep + CPUs busy for a long time with a small to medium size request. + This library allows for XML to be parsed in a manner that avoids these + pitfalls. This package contains the module for the Python 2 interpreter.
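Review bot: in the [Security] section, the two CVE links are described as "already fixed" without saying which defusedxml version carries the fixes or whether the packaged version includes them; naming that version would let a reviewer check the claim. Elsewhere in the new text, [Rationale] should read "now depends on defusedxml", [Maintenance] is left as "To be decided" with no owner named, and "python3-setupotools" and "violantions" are misspelled.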
** Description changed: [Availability] Currently in universe [Rationale] python-pysaml2 now depends defusedxml [Security] Only these security histories were found but all them are already fixed. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664 [Quality assurance] Package has a self test that are called in build/install time. - No bug reports were found for this package in debian bugtracker. + No bug reports were found for this package in debian bugtracker. No major bugs related to it in launchpad. [Dependencies] All the dependencies are in main (python-all, python3-all, debhelper, dh-python, python-setuptools, python3-setupotools) [Standards compliance] - I haven't found any FHS and and Debian policy violantions + I haven't found any FHS or Debian policy violantions [Maintenance] To be decided [Background information] Package description: XML bomb protection for Python stdlib modules - The results of an attack on a vulnerable XML library can be fairly - dramatic. With just a few hundred bytes of XML data an attacker can occupy several - gigabytes of memory within seconds. An attacker can also keep - CPUs busy for a long time with a small to medium size request. - This library allows for XML to be parsed in a manner that avoids these + The results of an attack on a vulnerable XML library can be fairly + dramatic. With just a few hundred bytes of XML data an attacker can occupy several + gigabytes of memory within seconds. An attacker can also keep + CPUs busy for a long time with a small to medium size request. + This library allows for XML to be parsed in a manner that avoids these pitfalls. This package contains the module for the Python 2 interpreter. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. 
https://bugs.launchpad.net/bugs/1713264
Title: [MIR] defusedxml
