Debian Patches
Status for python-xmltodict/0.13.0-1.1~deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Prevent-XML-injection-reject-in-element-attr-names-i.patch | Prevent XML injection: reject '<'/'>' in element/attr names (incl. @xmlns) * Add tests for tag names, attribute names, and @xmlns prefixes; confirm attr values are escaped. |
Martin Blech <78768+martinblech@users.noreply.github.com> | no | 2025-09-04 | ||
| 0002-Enhance-unparse-XML-name-validation-with-stricter-ru.patch | Enhance unparse() XML name validation with stricter rules and tests Extend existing validation (previously only for "<" and ">") to also reject element, attribute, and xmlns prefix names that are non-string, start with "?" or "!", or contain "/", spaces, tabs, or newlines. Update _emit and namespace handling to use _validate_name. Add tests covering these new invalid name cases. |
Martin Blech <78768+martinblech@users.noreply.github.com> | no | 2025-09-08 | ||
| 0003-Harden-XML-name-validation-reject-quotes-and-add-tes.patch | Harden XML name validation: reject quotes and '='; add tests | Martin Blech <78768+martinblech@users.noreply.github.com> | no | 2025-09-08 |
All known versions for source package 'python-xmltodict'
- 1.0.3-1 (experimental)
- 0.13.0-1.1 (sid, forky)
- 0.13.0-1.1~deb13u1 (trixie)
- 0.13.0-1.1~deb12u1 (bookworm)
