[Git][reproducible-builds/diffoscope][master] pyexpat 2.6.0 is not vulnerable to the XML entity expansion attack, so we can...

Chris Lamb (@lamby) gitlab at salsa.debian.org
Wed Jan 15 13:40:08 UTC 2025



Chris Lamb pushed to branch master at Reproducible Builds / diffoscope


Commits:
c8cd8ee4 by Chris Lamb at 2025-01-15T13:39:55+00:00
pyexpat 2.6.0 is not vulnerable to the XML entity expansion attack, so we can drop this equals sign. Thanks, Florian!

- - - - -


1 changed file:

- diffoscope/comparators/xml.py


Changes:

=====================================
diffoscope/comparators/xml.py
=====================================
@@ -57,7 +57,7 @@ def is_vulnerable_xml_parser():
         int(x) for x in pyexpat.EXPAT_VERSION.split("_", 1)[1].split(".")
     )
 
-    return pyexpat_version <= (2, 6, 0)
+    return pyexpat_version < (2, 6, 0)
 
 
 def _format(node):
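Review bot: the `return pyexpat_version < (2, 6, 0)` line keeps the version boundary as a bare tuple with no comment recording that 2.6.0 is the first release treated as not vulnerable, and this boundary has just been corrected from `<=`. Suggest a named constant or a one-line comment above the return, plus a test that pins both sides of the boundary (a 2.5.x tuple returns True, `(2, 6, 0)` returns False). Separately, the context lines above the return call `int(x)` on every dot-separated component of `pyexpat.EXPAT_VERSION`, so a non-numeric component would raise ValueError instead of producing a verdict; it is worth deciding whether that case should fail closed and report the parser as vulnerable.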



View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/c8cd8ee45f6fe5029a6d5cae586d8ceda20ee8b3
