Gregory P. Smith <g...@krypto.org> added the comment:

Reasons why it is a good idea to apply this change to 2.7.4 and 3.2.4:

 * Memory leak in poolGrow (CVE-2012-1148)
 * Resource leak in readfilemap.c (CVE-2012-1147)
 * Buffer over-read and crash in big2_toUtf8 (CVE-2009-3560)
 * Parser crash with special UTF-8 sequences (CVE-2009-3270)
 * Dangling positionPtr after error (2855609)
   - http://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127
   - Specifically reported by a pyexpat user.
 * Uninitialized memory returned from XML_Parse (3206497)
   - http://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127

The features 2.1.0 adds over 2.0.x are not exposed to pyexpat or Python users.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14340>
_______________________________________