Jim Jewett <jimjjew...@gmail.com> added the comment: Looking at http://sourceforge.net/projects/expat/files/expat/2.1.0/, so long as XML_ATTR_INFO isn't defined at compile time, the changes are all considered bugfixes, and the XML_SetHashSalt is the only other changed API.
Is a potential Denial of Service really worse than a crash, such as these fixed bugs: http://sourceforge.net/tracker/?func=detail&aid=2894085&group_id=10127&atid=110127 http://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127 ---------- nosy: +Jim.Jewett _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14234> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
