Bug#866120: diffoscope: please add an xml comparator
Juliana Rodrigues
juliana.orod at gmail.com
Mon Jul 24 18:54:42 UTC 2017
Hi Mattia,
Actually I havent. Looks like minidom is vulnerable to both
[billion laughs] and [quadratic blowup].
Should we migrate to defusexml? What you think? (:
2017-07-21 14:22 GMT-03:00 Mattia Rizzolo <mattia at debian.org>:
> On Fri, Jul 21, 2017 at 10:48:07AM +0100, Chris Lamb wrote:
> > … And I've now also merged the code into our Git repo. Thanks!
>
> Did you both go through
> https://docs.python.org/3/library/xml.html#xml-vulnerabilities and
> decided that the standard minidom was safe for our usages?
>
> --
> regards,
> Mattia Rizzolo
>
> GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
> more about me: https://mapreri.org : :' :
> Launchpad user: https://launchpad.net/~mapreri `. `'`
> Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170724/58ca5315/attachment.html>
More information about the Reproducible-builds
mailing list