summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2013-02-21 13:36:01 +0100
committerChristian Heimes <christian@python.org>2013-02-21 13:36:01 +0100
commit3c27267f6ea6f64a97283ac34da803378643e58b (patch)
tree2c6ef479064ca0695359e3535e730d4c2bf4e802
parent80df2598f046dbdd81ce8f2e72dcca66173c8b99 (diff)
downloaddefusedxml-git-3c27267f6ea6f64a97283ac34da803378643e58b.tar.gz
note about demo exploit
-rw-r--r--CHANGES.txt2
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index a5bafff..fe8f95b 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -9,9 +9,9 @@ defusedxml 0.4
- As per http://seclists.org/oss-sec/2013/q1/340 please REJECT
CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 and use CVE-2013-1664,
CVE-2013-1665 for OpenStack/etc.
-
- Add missing parser_list argument to sax.make_parser(). The argument is
ignored, though. (thanks to Florian Apolloner)
+- Add demo exploit for external entity attack on Python's SAX parser.
defusedxml 0.3