11# SOME DESCRIPTIVE TITLE.
2- # Copyright (C) 2001-2021 , Python Software Foundation
2+ # Copyright (C) 2001-2024 , Python Software Foundation
33# This file is distributed under the same license as the Python package.
44# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
55#
66# Translators:
77# 汇民 王 <whuim@qq.com>, 2020
8- # Freesand Leo <yuqinju@163.com>, 2020
8+ # Freesand Leo <yuqinju@163.com>, 2024
99#
1010#, fuzzy
1111msgid ""
1212msgstr ""
1313"Project-Id-Version : Python 3.8\n "
1414"Report-Msgid-Bugs-To : \n "
15- "POT-Creation-Date : 2021-01-01 16:06 +0000\n
15+ "POT-Creation-Date : 2024-02-23 23:39 +0000\n
1616"PO-Revision-Date : 2020-05-30 12:14+0000\n "
17- "Last-Translator : Freesand Leo <yuqinju@163.com>, 2020 \n "
18- "Language-Team : Chinese (China) (https://www .transifex.com/python-doc/teams/5390/zh_CN/)\n "
17+ "Last-Translator : Freesand Leo <yuqinju@163.com>, 2024 \n "
18+ "Language-Team : Chinese (China) (https://app .transifex.com/python-doc/teams/5390/zh_CN/)\n "
1919"MIME-Version : 1.0\n "
2020"Content-Type : text/plain; charset=UTF-8\n "
2121"Content-Transfer-Encoding : 8bit\n "
@@ -140,36 +140,36 @@ msgstr "billion laughs"
140140#: ../../library/xml.rst:66 ../../library/xml.rst:66 ../../library/xml.rst:66
141141#: ../../library/xml.rst:66 ../../library/xml.rst:66 ../../library/xml.rst:67
142142#: ../../library/xml.rst:67 ../../library/xml.rst:67 ../../library/xml.rst:67
143- #: ../../library/xml.rst:67 ../../library/xml.rst:70
144- msgid "**Vulnerable**"
145- msgstr "**易受攻击**"
143+ #: ../../library/xml.rst:67
144+ msgid "**Vulnerable** (1) "
145+ msgstr "**易受攻击** (1) "
146146
147147#: ../../library/xml.rst:67
148148msgid "quadratic blowup"
149149msgstr "quadratic blowup"
150150
151- #: ../../library/xml.rst:68 ../../library/xml.rst:99
151+ #: ../../library/xml.rst:68 ../../library/xml.rst:109
152152msgid "external entity expansion"
153153msgstr "external entity expansion"
154154
155155#: ../../library/xml.rst:68 ../../library/xml.rst:68 ../../library/xml.rst:69
156156#: ../../library/xml.rst:69
157- msgid "Safe (4 )"
158- msgstr "安全 (4 )"
157+ msgid "Safe (5 )"
158+ msgstr "安全 (5 )"
159159
160160#: ../../library/xml.rst:68
161- msgid "Safe (1)"
162- msgstr "安全 (1)"
163-
164- #: ../../library/xml.rst:68
165- msgid "Safe (2)"
161+ msgid "Safe (2)"
166162msgstr "安全 (2)"
167163
168164#: ../../library/xml.rst:68
169- msgid "Safe (3)"
165+ msgid "Safe (3)"
170166msgstr "安全 (3)"
171167
172- #: ../../library/xml.rst:69 ../../library/xml.rst:104
168+ #: ../../library/xml.rst:68
169+ msgid "Safe (4)"
170+ msgstr "安全 (4)"
171+
172+ #: ../../library/xml.rst:69 ../../library/xml.rst:114
173173msgid "`DTD`_ retrieval"
174174msgstr "`DTD`_ retrieval"
175175
@@ -179,37 +179,70 @@ msgstr "`DTD`_ retrieval"
179179msgid "Safe"
180180msgstr "安全"
181181
182- #: ../../library/xml.rst:70 ../../library/xml.rst:111
182+ #: ../../library/xml.rst:70 ../../library/xml.rst:121
183183msgid "decompression bomb"
184184msgstr "decompression bomb"
185185
186- #: ../../library/xml.rst:73
186+ #: ../../library/xml.rst:70
187+ msgid "**Vulnerable**"
188+ msgstr "**易受攻击**"
189+
190+ #: ../../library/xml.rst:71 ../../library/xml.rst:128
191+ msgid "large tokens"
192+ msgstr "解析大量词元"
193+
194+ #: ../../library/xml.rst:71 ../../library/xml.rst:71 ../../library/xml.rst:71
195+ #: ../../library/xml.rst:71 ../../library/xml.rst:71
196+ msgid "**Vulnerable** (6)"
197+ msgstr "**易受攻击** (6)"
198+
199+ #: ../../library/xml.rst:74
200+ msgid ""
201+ "Expat 2.4.1 and newer is not vulnerable to the \" billion laughs\" and "
202+ "\" quadratic blowup\" vulnerabilities. Items still listed as vulnerable due "
203+ "to potential reliance on system-provided libraries. Check "
204+ ":data:`pyexpat.EXPAT_VERSION`."
F438
205+ msgstr ""
206+ "Expat 2.4.1 及更新的版本不易受 \" billion laughs\" 和 \" quadratic blowup\" 漏洞的攻击。 "
207+ "因为可能要依赖系统提供的库而仍被列为易受攻击的项目。 请检查 :data:`pyexpat.EXPAT_VERSION`。"
208+
209+ #: ../../library/xml.rst:78
187210msgid ""
188211":mod:`xml.etree.ElementTree` doesn't expand external entities and raises a "
189212":exc:`ParserError` when an entity occurs."
190213msgstr ":mod:`xml.etree.ElementTree` 不会扩展外部实体并在实体发生时引发 :exc:`ParserError`。"
191214
192- #: ../../library/xml.rst:75
215+ #: ../../library/xml.rst:80
193216msgid ""
194217":mod:`xml.dom.minidom` doesn't expand external entities and simply returns "
195218"the unexpanded entity verbatim."
196219msgstr ":mod:`xml.dom.minidom` 不会扩展外部实体,只是简单地返回未扩展的实体。"
197220
198- #: ../../library/xml.rst:77
221+ #: ../../library/xml.rst:82
199222msgid ":mod:`xmlrpclib` doesn't expand external entities and omits them."
200223msgstr ":mod:`xmlrpclib` 不扩展外部实体并省略它们。"
201224
202- #: ../../library/xml.rst:78
225+ #: ../../library/xml.rst:83
203226msgid ""
204227"Since Python 3.7.1, external general entities are no longer processed by "
205228"default."
206229msgstr "从 Python 3.7.1 开始,默认情况下不再处理外部通用实体。"
207230
208- #: ../../library/xml.rst:87
231+ #: ../../library/xml.rst:85
232+ msgid ""
233+ "Expat 2.6.0 and newer is not vulnerable to denial of service through "
234+ "quadratic runtime caused by parsing large tokens. Items still listed as "
235+ "vulnerable due to potential reliance on system-provided libraries. Check "
236+ ":const:`!pyexpat.EXPAT_VERSION`."
237+ msgstr ""
238+ "Expat 2.6.0 及更新的版本不易受到因解析大量词元而导致利用指数级运行时间的拒绝服务攻击。 "
239+ "由于对系统所提供的库的潜在依赖仍会有一些项目被列为易受攻击。 请检查 :const:`!pyexpat.EXPAT_VERSION`。"
240+
241+ #: ../../library/xml.rst:97
209242msgid "billion laughs / exponential entity expansion"
210243msgstr "billion laughs / exponential entity expansion (狂笑/递归实体扩展)"
211244
212- #: ../../library/xml.rst:83
245+ #: ../../library/xml.rst:93
213246msgid ""
214247"The `Billion Laughs`_ attack -- also known as exponential entity expansion "
215248"-- uses multiple levels of nested entities. Each entity refers to another "
@@ -220,11 +253,11 @@ msgstr ""
220253"`Billion Laughs`_ 攻击 -- 也称为递归实体扩展 -- 使用多级嵌套实体。 每个实体多次引用另一个实体,最终实体定义包含一个小字符串。"
221254" 指数级扩展导致几千 GB 的文本,并消耗大量内存和 CPU 时间。"
222255
223- #: ../../library/xml.rst:94
256+ #: ../../library/xml.rst:104
224257msgid "quadratic blowup entity expansion"
225258msgstr "quadratic blowup entity expansion(二次爆炸实体扩展)"
226259
227- #: ../../library/xml.rst:90
260+ #: ../../library/xml.rst:100
228261msgid ""
229262"A quadratic blowup attack is similar to a `Billion Laughs`_ attack; it "
230263"abuses entity expansion, too. Instead of nested entities it repeats one "
@@ -235,14 +268,14 @@ msgstr ""
235268"二次爆炸攻击类似于 `Billion Laughs`_ 攻击,它也滥用实体扩展。 "
236269"它不是嵌套实体,而是一遍又一遍地重复一个具有几千个字符的大型实体。攻击不如递归情况有效,但它避免触发禁止深度嵌套实体的解析器对策。"
237270
238- #: ../../library/xml.rst:97
271+ #: ../../library/xml.rst:107
239272msgid ""
240273"Entity declarations can contain more than just text for replacement. They "
241274"can also point to external resources or local files. The XML parser accesses"
242275" the resource and embeds the content into the XML document."
243276msgstr "实体声明可以包含的不仅仅是替换文本。 它们还可以指向外部资源或本地文件。 XML 解析器访问资源并将内容嵌入到 XML 文档中。"
244277
245- #: ../../library/xml.rst:102
278+ #: ../../library/xml.rst:112
246279msgid ""
247280"Some XML libraries like Python's :mod:`xml.dom.pulldom` retrieve document "
248281"type definitions from remote or local locations. The feature has similar "
@@ -251,7 +284,7 @@ msgstr ""
251284"Python 的一些 XML 库 :mod:`xml.dom.pulldom` 从远程或本地位置检索文档类型定义。 "
252285"该功能与外部实体扩展问题具有相似的含义。"
253286
254- #: ../../library/xml.rst:107
287+ #: ../../library/xml.rst:117
255288msgid ""
256289"Decompression bombs (aka `ZIP bomb`_) apply to all XML libraries that can "
257290"parse compressed XML streams such as gzipped HTTP streams or LZMA-compressed"
@@ -261,17 +294,29 @@ msgstr ""
261294"Decompression bombs(解压
E488
弹,又名 `ZIP bomb`_)适用于所有可以解析压缩 XML 流(例如 gzip 压缩的 HTTP "
262295"流或 LZMA 压缩的文件)的 XML 库。 对于攻击者来说,它可以将传输的数据量减少三个量级或更多。"
263296
264- #: ../../library/xml.rst:113
297+ #: ../../library/xml.rst:124
298+ msgid ""
299+ "Expat needs to re-parse unfinished tokens; without the protection introduced"
300+ " in Expat 2.6.0, this can lead to quadratic runtime that can be used to "
301+ "cause denial of service in the application parsing XML. The issue is known "
302+ "as `CVE-2023-52425 <https://cve.mitre.org/cgi-"
303+ "bin/cvename.cgi?name=CVE-2023-52425>`_."
304+ msgstr ""
305+ "Expat 需要重新解析未完成的词元;在没有 Expat 2.6.0 所引入的防护措施的情况下,这会导致可被用来在解析 XML "
306+ "的应用程序中制造拒绝服务攻击的指数级运行时间。 此问题被称为 `CVE-2023-52425 <https://cve.mitre.org/cgi-"
307+ "bin/cvename.cgi?name=CVE-2023-52425>`_。"
308+
309+ #: ../../library/xml.rst:130
265310msgid ""
266311"The documentation for `defusedxml`_ on PyPI has further information about "
267312"all known attack vectors with examples and references."
268313msgstr "PyPI上 `defusedxml`_ 的文档包含有关所有已知攻击向量的更多信息以及示例和参考。"
269314
270- #: ../../library/xml.rst:119
315+ #: ../../library/xml.rst:136
271316msgid "The :mod:`defusedxml` Package"
272317msgstr ":mod:`defusedxml` 包"
273318
274- #: ../../library/xml.rst:121
319+ #: ../../library/xml.rst:138
275320msgid ""
276321"`defusedxml`_ is a pure Python package with modified subclasses of all "
277322"stdlib XML parsers that prevent any potentially malicious operation. Use of "
0 commit comments