mirror/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-01-28 05:35:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
cpython/Modules/expat
History
Sebastian Pipping bc36bd1786
[3.13] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139367) 
* gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.

(cherry picked from commit f04bea44c37793561d753dd4ca6e7cd658137553)
(cherry picked from commit 68a1778b7721f3fb853cd3aa674f7039c2a4df36)
2025-11-02 12:39:11 +00:00
..
ascii.h
asciitab.h
COPYING
expat_config.h
expat_external.h
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00
expat.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
iasciitab.h
internal.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
latin1tab.h
nametab.h
pyexpatns.h
[3.13] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139367)
2025-11-02 12:39:11 +00:00
refresh.sh
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
siphash.h
[3.13] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) (GH-123707)
2024-09-05 13:37:40 +02:00
utf8tab.h
winconfig.h
xmlparse.c
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
xmlrole.c
xmlrole.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
xmltok_impl.c
xmltok_impl.h
xmltok_ns.c
xmltok.c
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00
xmltok.h
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00