xml package does not obey ignore_environment¶
On two occasions, the xml package uses environment variables to override
parser / DOM implementations: xml.sax package and xml.dom.domreg
module. On both occasions, the code should not use env vars to override
module names, when the interpreter is started with flags like -E
or -I.
- Disclosure date: 2018-09-24 (Python issue bpo-34791 reported)
Fixed In¶
- Python 3.7.2 (2018-12-23) fixed by commit c119d59 (branch 3.7) (2018-10-19)
Vulnerable Versions¶
- Python 2.7
- Python 3.4
- Python 3.5
- Python 3.6
Python issue¶
xml package does not obey sys.flags.ignore_environment.
- Python issue: bpo-34791
- Creation date: 2018-09-24
- Reporter: Christian Heimes
Timeline¶
Timeline using the disclosure date 2018-09-24 as reference:
- 2018-09-24: Python issue bpo-34791 reported by Christian Heimes
- 2018-09-24 (+0 days): commit 223e501 (branch 3.8)
- 2018-10-19 (+25 days): commit 2546ac8 (branch 2.7)
- 2018-10-19 (+25 days): commit 5e808f9 (branch 3.6)
- 2018-10-19 (+25 days): commit c119d59 (branch 3.7)
- 2018-12-23 (+90 days): Python 3.7.2 released