Mandriva Linux Security Advisory 2013-118 - Universal Feed Parser before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
fb5ebc586396c019e439047a9c56d93e71eb681ddca2bbf7c365abe597b3d5be
Ubuntu Security Notice 1449-1 - It was discovered that feedparser did not properly sanitize ENTITY declarations in encoded fields. A remote attacker could exploit this to cause a denial of service via memory exhaustion.
6a3a1b00e46dc08727ec76015083bbe2e5e84e541d19baf4809755132656980b