PublicArchive/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-05-08 21:50:40 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa5ad5059753270caa052d4480d6489ca1e15ca9
cpython/Modules/expat
T
History
Sebastian Pipping bc36bd1786 [3.13] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139367) 
* gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.

(cherry picked from commit f04bea44c3)
(cherry picked from commit 68a1778b77)
2025-11-02 12:39:11 +00:00
..
ascii.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
asciitab.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
COPYING
gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006)
2022-09-22 21:25:05 +09:00
expat_config.h
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
expat_external.h
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00
expat.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
iasciitab.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
internal.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
latin1tab.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
nametab.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
pyexpatns.h
[3.13] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139367)
2025-11-02 12:39:11 +00:00
refresh.sh
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
siphash.h
[3.13] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) (GH-123707)
2024-09-05 13:37:40 +02:00
utf8tab.h
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)
2021-08-29 16:08:24 +02:00
winconfig.h
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
xmlparse.c
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
xmlrole.c
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
xmlrole.h
[3.13] gh-139312: Update bundled libexpat to 2.7.3 (GH-139319) (#139377)
2025-09-27 08:19:09 +00:00
xmltok_impl.c
gh-115399: Upgrade bundled libexpat to 2.6.0 (#115431)
2024-02-14 16:29:06 +00:00
xmltok_impl.h
gh-98739: Update libexpat from 2.4.9 to 2.5.0 (#98742)
2022-10-27 13:45:12 -07:00
xmltok_ns.c
bpo-46400: Update libexpat from 2.4.1 to 2.4.4 (GH-31022)
2022-02-13 00:29:41 +09:00
xmltok.c
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00
xmltok.h
[3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999) (#139025)
2025-09-18 12:42:42 +01:00