New submission from Natanael Copa: cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.0 to fix various security vulnerabilities.
21 June 2016, Expat 2.2.0 released. Release 2.2.0 includes security & other bug fixes. Security fixes CVE-2016-0718 (issue 537) Fix crash on malformed input CVE-2016-4472 Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1 CVE-2016-5300 (issue 499) Use more entropy for hash initialization than the original fix to CVE-2012-0876 CVE-2012-6702 (issue 519) Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496) Fix should be applied to all maintained python branches. ---------- messages: 288014 nosy: Natanael Copa priority: normal severity: normal status: open title: Various security vulnerabilities in bundled expat type: security versions: Python 2.7, Python 3.3, Python 3.4, Python 3.5, Python 3.6, Python 3.7 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29591> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
