From 5d1791ffd2ffdb70cbcf81a49cb0a7cda3fe1f46 Mon Sep 17 00:00:00 2001 From: Carl Meyer Date: Tue, 19 Feb 2013 18:22:22 -0700 Subject: [PATCH] [1.4.x] Don't characterize XML vulnerabilities as DoS-only. --- docs/releases/1.4.4.txt | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/releases/1.4.4.txt b/docs/releases/1.4.4.txt index cdbf159b79..c5fcbc3e39 100644 --- a/docs/releases/1.4.4.txt +++ b/docs/releases/1.4.4.txt @@ -40,12 +40,11 @@ XML deserialization ------------------- The XML parser in the Python standard library is vulnerable to a number of -denial-of-service attacks via external entities and entity expansion. Django -uses this parser for deserializing XML-formatted database fixtures. This -deserializer is not intended for use with untrusted data, but in order to err -on the side of safety in Django 1.4.4 the XML deserializer refuses to parse an -XML document with a DTD (DOCTYPE definition), which closes off these attack -avenues. +attacks via external entities and entity expansion. Django uses this parser for +deserializing XML-formatted database fixtures. This deserializer is not +intended for use with untrusted data, but in order to err on the side of safety +in Django 1.4.4 the XML deserializer refuses to parse an XML document with a +DTD (DOCTYPE definition), which closes off these attack avenues. These issues in the Python standard library are CVE-2013-1664 and CVE-2013-1665. More information available `from the Python security team`_.
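Review bot: in the rewritten first sentence of the hunk, dropping "denial-of-service" leaves the reader with only "a number of attacks via external entities and entity expansion" and no statement of what those attacks can achieve; since the point of the change is that the issues are not DoS-only, consider stating the impact classes briefly (as described in the CVE-2013-1664 and CVE-2013-1665 references already cited two paragraphs down) or at least pointing forward to that reference sentence, e.g. "vulnerable to a number of attacks via external entities and entity expansion (see the CVE references below)". The rest of the hunk is a re-wrap of unchanged wording at under 80 columns, consistent with the diffstat of 5 insertions and 6 deletions.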