A denial of service flaw was reported and fixed in feedparser, a module for parsing atom and RSS feeds in python. Previously, ENTITY declarations could be used to create a denial of service through exponential memory consumption, by allowing such declarations to hide in non-ASCII-compatible encoded documents. Feedparser now first normalizes the encoding and then replaces the DOCTYPE and ENTITY declarations. This is corrected in upstream version 5.1.2 [1] and svn r703 [2]. [1] http://freecode.com/projects/feedparser/releases/344371 [2] https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
Created python-feedparser tracking bugs for this issue Affects: fedora-all [bug 824602] Affects: epel-all [bug 824604]
python-feedparser-5.1.2-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
The bugfixes have been pushed to currently supported releases.