python/defusedxml: Added (XML bomb protection for Python).

Signed-off-by: David Spencer <idlemoor@slackbuilds.org>

1 files changed, 19 insertions, 0 deletions

diff --git a/python/defusedxml/slack-desc b/python/defusedxml/slack-desc
new file mode 100644
index 0000000000..2498c6aa27
--- /dev/null
+++ b/python/defusedxml/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+          |-----handy-ruler------------------------------------------------------|
+defusedxml: defusedxml (XML bomb protection for Python stdlib modules)
+defusedxml:
+defusedxml: The results of an attack on a vulnerable XML library can be fairly
+defusedxml: dramatic.  With just a few hundred Bytes of XML data an attacker can
+defusedxml: occupy several Gigabytes of memory within seconds.  An attacker can
+defusedxml: also keep CPUs busy for a long time with a small to medium size
+defusedxml: request.  Under some circumstances it is even possible to access local
+defusedxml: files on your server, to circumvent a firewall, or to abuse services
+defusedxml: to rebound attacks to third parties.  This library allows for XML to
+defusedxml: be parsed in a manner that avoids these pitfalls.
+defusedxml: