lxml 2.3.2-1 breaks after libxml2 security patch
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxml |
New
|
Undecided
|
Unassigned |
Bug Description
Python : sys.version_
lxml.etree : (2, 3, 2, 0)
libxml used : (2, 7, 8)
libxml compiled : (2, 7, 8)
libxslt used : (1, 1, 26)
libxslt compiled : (1, 1, 26)
----------------
After a recent security patch to libxml2 (https:/
I was able to reproduce this very easily on an Ubuntu VM. The previous version-
I have compiled some test notes and a simple example script to reproduce the issue (see : https:/
Here's the current python-lxml package I have installed:
$ dpkg -s python-lxml
Package: python-lxml
Status: install ok installed
Priority: optional
Section: python
Installed-Size: 2150
Maintainer: Ubuntu Developers <email address hidden>
Architecture: amd64
Source: lxml
Version: 2.3.2-1
Replaces: python2.3-lxml, python2.4-lxml
Provides: python2.7-lxml
Depends: python2.7, python (>= 2.7.1-0ubuntu2), python (<< 2.8), libc6 (>= 2.4), libxml2 (>= 2.7.4), libxslt1.1 (>= 1.1.26)
Suggests: python-lxml-dbg
Conflicts: python2.3-lxml, python2.4-lxml
Description: pythonic binding for the libxml2 and libxslt libraries
lxml is a new Python binding for libxml2 and libxslt, completely
independent from existing Python bindings. Its aim:
.
* Pythonic API.
* Documented.
* Use Python unicode strings in API.
* Safe (no segfaults).
* No manual memory management!
.
lxml aims to provide a Pythonic API by following as much as possible
the ElementTree API, trying to avoid inventing too many new APIs,
or the user's having to learn new things -- XML is complicated enough.
Original-
Homepage: http://
If you need any additional information, let me know. I'll be happy to provide whatever you need.
Cheers,
-Lars
It seems there is a fix, but it needs to be packaged: https:/ /github. com/lxml/ lxml/commit/ 19f0a477c935b40 2c93395f8c0cb56 1646f4bdc3