Python is vulnerable to denial of service attacks. Remote unauthenticated attackers could exploit the vulnerable Elementtree C Accelerator
component by constructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts CPU and RAM.
lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
www.securityfocus.com/bid/105396
www.securitytracker.com/id/1041740
access.redhat.com/errata/RHSA-2019:1260
access.redhat.com/errata/RHSA-2019:2030
access.redhat.com/errata/RHSA-2019:3725
access.redhat.com/security/updates/classification/#important
bugs.python.org/issue34623
bugzilla.redhat.com/show_bug.cgi?id=1709349
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
lists.debian.org/debian-lts-announce/2019/06/msg00022.html
lists.debian.org/debian-lts-announce/2019/06/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
usn.ubuntu.com/3817-1/
usn.ubuntu.com/3817-2/
www.debian.org/security/2018/dsa-4306
www.debian.org/security/2018/dsa-4307