[issue10149] [doc] Data truncation in expat parser

2022-02-28 Thread Stanley
Change by Stanley : -- keywords: +patch nosy: +slateny nosy_count: 6.0 -> 7.0 pull_requests: +29752 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/31629 ___ Python tracker

[issue46793] expose expat XML billion laughs attack mitigation APIs

2022-02-24 Thread sping
sping added the comment: First mention at https://bugs.python.org/issue44394#msg395642 -- nosy: +sping ___ Python tracker ___ ___

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-22 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset fdfd7a93540b0866ba42264ecb9b0a3c2286f654 by Łukasz Langa (Sebastian Pipping) in branch '3.8': bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) https://github.com/python/cpython/commit/fdfd7a93540b0866ba42264ecb9b0a3c2286f

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread Ned Deily
Ned Deily added the comment: New changeset d4f5bb912e67299b59b814b89a5afd9a8821a14e by Miss Islington (bot) in branch '3.7': bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) (GH-31471) https://github.com/python/cpython/commit/d4f5bb912e67299b59b814b89a5afd9a8821a

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 336a916f75642dfe2d87e237981686051d5d51f8 by Miss Islington (bot) in branch '3.9': bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) (GH-31469) https://github.com/python/cpython/commit/336a916f75642dfe2d87e237981686051d5d5

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 7da97f61816f3cadaa6788804b22a2434b40e8c5 by Miss Islington (bot) in branch '3.10': bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) (GH-31472) https://github.com/python/cpython/commit/7da97f61816f3cadaa6788804b22a2434b40e

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread miss-islington
Change by miss-islington : -- pull_requests: +29602 pull_request: https://github.com/python/cpython/pull/31472 ___ Python tracker ___

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread miss-islington
Change by miss-islington : -- pull_requests: +29601 pull_request: https://github.com/python/cpython/pull/31471 ___ Python tracker ___

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread miss-islington
Change by miss-islington : -- pull_requests: +29600 pull_request: https://github.com/python/cpython/pull/31470 ___ Python tracker ___

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 3.0 -> 4.0 pull_requests: +29599 pull_request: https://github.com/python/cpython/pull/31469 ___ Python tracker

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-21 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 2cae93832f46b245847bdc252456ddf7742ef45e by Sebastian Pipping in branch 'main': bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) https://github.com/python/cpython/commit/2cae93832f46b245847bdc252456ddf7742ef45e -- n

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-20 Thread sping
Change by sping : -- keywords: +patch pull_requests: +29581 stage: -> patch review pull_request: https://github.com/python/cpython/pull/31453 ___ Python tracker ___

[issue46811] Test suite needs adjustments for Expat >=2.4.5

2022-02-20 Thread sping
New submission from sping : It has been reported at https://bugs.python.org/issue46794#msg413587 that the current CPython test suite needs some adjustments for Expat >=2.4.5. Since that is somewhat separate from updating the bundled copy of Expat to >=2.4.6, I am creating this ded

[issue46793] expose expat XML billion laughs attack mitigation APIs

2022-02-18 Thread Dong-hee Na
Change by Dong-hee Na : -- nosy: +corona10 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue46793] expose expat XML billion laughs attack mitigation APIs

2022-02-18 Thread Gregory P. Smith
make those two^^ accessible (with additional glue code) to the user on pyexpat level in CPython. """ - Sebastian Pipping @hartwork -- messages: 413513 nosy: gregory.p.smith priority: normal severity: normal stage: needs patch status: open title: expose expat XML billion laug

[issue45713] gcc warning when compiling Modules/expat/xmltok_ns.c

2022-02-08 Thread Cyril Jouve
Change by Cyril Jouve : -- keywords: +patch nosy: +Cyril Jouve nosy_count: 2.0 -> 3.0 pull_requests: +29393 stage: -> patch review pull_request: https://github.com/python/cpython/pull/31022 ___ Python tracker

[issue38487] expat infinite loop

2022-01-26 Thread sping
sping added the comment: Hi StyXman, I had a closer look at the files you shared, thanks for those, very helpful! What I found is that expat_test.py uses a single scalar variable (_DictSAXHandler.parser) to keep track of the related parser, while it would need a stack to allow recursion. In

[issue45713] gcc warning when compiling Modules/expat/xmltok_ns.c

2022-01-16 Thread sping
sping added the comment: This has been fixed upstream in pull request https://github.com/libexpat/libexpat/pull/527 that is included with latest release libexpat 2.4.3. bpo-46400 will fix this as a side effect. -- nosy: +sping ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2022-01-01 Thread Guido van Rossum
Change by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2022-01-01 Thread Stefan Behnel
Stefan Behnel added the comment: I'd like to ask for clarification regarding issue 45321, which adds the missing error constants to the `expat` module. I consider those new features – it seems inappropriate to add new module constants in the middle of a release series. However

[issue10149] [doc] Data truncation in expat parser

2021-11-28 Thread Irit Katriel
Irit Katriel added the comment: Eric's patch needs to be converted to a GitHub PR. -- components: +Library (Lib) keywords: +easy -patch nosy: +iritkatriel title: Data truncation in expat parser -> [doc] Data truncation in expat parser versions: +Python 3.11 -Python 2.7, Python

[issue16726] expat ParseFile expects bytes, not string

2021-11-28 Thread Irit Katriel
Irit Katriel added the comment: Reproduced on 3.11. -- components: +Library (Lib) nosy: +iritkatriel versions: +Python 3.10, Python 3.11, Python 3.9 -Python 3.4, Python 3.5 ___ Python tracker

[issue45800] Move expat handling into configure and Makefile

2021-11-14 Thread Christian Heimes
Christian Heimes added the comment: New changeset 464e6616be86129e33af6d9e43540c260d6804d5 by Christian Heimes in branch 'main': bpo-45800: Move pyexpat build setup into configure (GH-29547) https://github.com/python/cpython/commit/464e6616be86129e33af6d9e43540c260d6804d5 --

[issue45800] Move expat handling into configure and Makefile

2021-11-14 Thread Christian Heimes
Change by Christian Heimes : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue45800] Move expat handling into configure and Makefile

2021-11-13 Thread Christian Heimes
Change by Christian Heimes : -- keywords: +patch pull_requests: +27796 stage: -> patch review pull_request: https://github.com/python/cpython/pull/29547 ___ Python tracker

[issue45800] Move expat handling into configure and Makefile

2021-11-13 Thread Christian Heimes
Christian Heimes added the comment: An intermediate libexpat.a simplifies Modules/Setup. The explicit rules are required to support BSD make. bmake does neither have "%.o: %.c" nor target variable overrides like GNU make. -- ___ Python tracker

[issue45800] Move expat handling into configure and Makefile

2021-11-13 Thread Christian Heimes
New submission from Christian Heimes : Move logic for --with-system-expat out of setup.py into configure and Makefile. This will enable --with-system-expat in Modules/Setup without manual patching. * Set CFLAGS and LDFLAGS for pyexpat and libexpat in configure. * Build a static libexpat.a

[issue45713] gcc warning when compiling Modules/expat/xmltok_ns.c

2021-11-04 Thread vamsi kalapala
0; return NS(encodings)[i]; } -- messages: 405717 nosy: vamsi1281977 priority: normal severity: normal status: open title: gcc warning when compiling Modules/expat/xmltok_ns.c type: compile error versions: Python 3.10 ___ Python tracker <http

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-10-02 Thread Serhiy Storchaka
Change by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-10-02 Thread miss-islington
miss-islington added the comment: New changeset 22cf6a2f2347b7d4f11e45e557beace55acc79b5 by Miss Islington (bot) in branch '3.10': bpo-45329: Fix freed memory access in pyexpat.c (GH-28649) https://github.com/python/cpython/commit/22cf6a2f2347b7d4f11e45e557beace55acc79b5 --

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-10-02 Thread miss-islington
Change by miss-islington : -- pull_requests: +27055 pull_request: https://github.com/python/cpython/pull/28693 ___ Python tracker ___

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-10-02 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: New changeset 0742abdc48886b74ed3b66985a54bb1c32802670 by TAGAMI Yukihiro in branch 'main': bpo-45329: Fix freed memory access in pyexpat.c (GH-28649) https://github.com/python/cpython/commit/0742abdc48886b74ed3b66985a54bb1c32802670 -- nosy:

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-10-02 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 3.0 -> 4.0 pull_requests: +27054 pull_request: https://github.com/python/cpython/pull/28692 ___ Python tracker

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-09-30 Thread STINNER Victor
Change by STINNER Victor : -- nosy: +vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-09-30 Thread TAGAMI Yukihiro
Change by TAGAMI Yukihiro : -- keywords: +patch pull_requests: +27017 stage: -> patch review pull_request: https://github.com/python/cpython/pull/28649 ___ Python tracker ___

[issue45329] pyexpat: segmentation fault when `--with-system-expat` is specified

2021-09-30 Thread TAGAMI Yukihiro
New submission from TAGAMI Yukihiro : Some tests, which are related to pyexpat, get failed with `./configure --with-system-expat`. ``` 11 tests failed: test_minidom test_multiprocessing_fork

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 90004fca1cc3c6e3c9b2c3faae5cb1b7d7711648 by Miss Islington (bot) in branch '3.8': [3.8] bpo-44394: Ensure libexpat is linked against libm (GH-28617) (GH-28620) https://github.com/python/cpython/commit/90004fca1cc3c6e3c9b2c3faae5cb1b7d7711648

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26997 pull_request: https://github.com/python/cpython/pull/28627 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 412ae8ab10734b72384c969181919cc4eb154406 by Miss Islington (bot) in branch '3.10': [3.10] bpo-44394: Ensure libexpat is linked against libm (GH-28617) (GH-28621) https://github.com/python/cpython/commit/412ae8ab10734b72384c969181919cc4eb154406

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread Łukasz Langa
Change by Łukasz Langa : -- pull_requests: +26996 pull_request: https://github.com/python/cpython/pull/28624 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread miss-islington
miss-islington added the comment: New changeset fafa213870193cf79557588ae8f9a4af570fd6e3 by Miss Islington (bot) in branch '3.9': bpo-44394: Ensure libexpat is linked against libm (GH-28617) https://github.com/python/cpython/commit/fafa213870193cf79557588ae8f9a4af570fd6e3 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26994 pull_request: https://github.com/python/cpython/pull/28621 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: New changeset 6c1154b9de29e1c9cd3d05f5289543e5cff73895 by Pablo Galindo Salgado in branch 'main': bpo-44394: Ensure libexpat is linked against libm (GH-28617) https://github.com/python/cpython/commit/6c1154b9de29e1c9cd3d05f5289543e5cff73895

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26993 pull_request: https://github.com/python/cpython/pull/28620 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26992 pull_request: https://github.com/python/cpython/pull/28619 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-29 Thread Pablo Galindo Salgado
Change by Pablo Galindo Salgado : -- pull_requests: +26988 pull_request: https://github.com/python/cpython/pull/28617 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-28 Thread sping
sping added the comment: For the AIX link error that Pablo brought up, there is merged pull request https://github.com/libexpat/libexpat/pull/510 upstream. -- ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-09-28 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: The backport to 3.8 broke 3.8.12 in AIX: 0/Modules/_decimal/libmpdec/sixstep.o build/temp.aix-7.1-3.8/tmp/python3.8-3.8.12-0/Modules/_decimal/libmpdec/transpose.o -L. -L/opt/bb/lib -L/opt/bb/lib64 -R/opt/bb/lib64 -lm -o

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-31 Thread Ned Deily
Ned Deily added the comment: PRs merged in 3.7 branch for release in 3.7.12 and in 3.6 branch for release in 3.6.15. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-31 Thread Ned Deily
Ned Deily added the comment: New changeset 910886a6448e4bf1edf49eeace4aa240b6403772 by Ned Deily in branch '3.6': [3.6] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) (GH-28080) https://github.com/python/cpython/commit/910886a6448e4bf1edf49eeace4aa240b6403772 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-31 Thread Ned Deily
Change by Ned Deily : -- pull_requests: +26523 pull_request: https://github.com/python/cpython/pull/28080 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-30 Thread Ned Deily
Ned Deily added the comment: New changeset 79101b890ee021a901a8b6837a3a320d57adb725 by Łukasz Langa in branch '3.7': [3.7] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) https://github.com/python/cpython/commit/79101b890ee021a901a8b6837a3a320d57adb725 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-30 Thread STINNER Victor
STINNER Victor added the comment: I created https://python-security.readthedocs.io/vuln/expat-billion-laughs.html to track this vulnerability. -- ___ Python tracker <https://bugs.python.org/issue44

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: 3.6 will need a separate backport because it's using expat 2.2.6 at the moment (from b2260e59ff1eaf20de4738099005ddf507b7b27d). 3.7 conflicted since it didn't include local changes to the vendored 2.2.8 that were introduced in 3.8+. I fixed that, the backport

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread Łukasz Langa
Change by Łukasz Langa : -- pull_requests: +26487 pull_request: https://github.com/python/cpython/pull/28042 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 007221a43e566db08c0c5c00756d80dfd9dccafe by Miss Islington (bot) in branch '3.9': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28032) https://github.com/python/cpython/commit/007221a43e566db08c0c5c00756d80dfd9dccafe --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread miss-islington
miss-islington added the comment: New changeset 270678564c16452614a8acd93763bdf64fb4d286 by Miss Islington (bot) in branch '3.10': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) https://github.com/python/cpython/commit/270678564c16452614a8acd93763bdf64fb4d286 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset c9c2a0bc9820f93f1020f3498f6893a3544c9b76 by Miss Islington (bot) in branch '3.8': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033) https://github.com/python/cpython/commit/c9c2a0bc9820f93f1020f3498f6893a3544c9b76 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26477 pull_request: https://github.com/python/cpython/pull/28032 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 3fc5d84046ddbd66abac5b598956ea34605a4e5d by Victor Stinner in branch 'main': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) https://github.com/python/cpython/commit/3fc5d84046ddbd66abac5b598956ea34605a4e5d --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread miss-islington
Change by miss-islington : -- pull_requests: +26478 pull_request: https://github.com/python/cpython/pull/28033 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-08-29 Thread miss-islington
Change by miss-islington : -- nosy: +miss-islington nosy_count: 6.0 -> 7.0 pull_requests: +26476 pull_request: https://github.com/python/cpython/pull/28031 ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-06-28 Thread STINNER Victor
STINNER Victor added the comment: Attached cpython_rebuild_expat_dir.sh script updates Modules/expat/ to our libexpat copy to 2.4.1. I used it to create attached PR 26945. -- Added file: https://bugs.python.org/file50129/cpython_rebuild_expat_dir.sh

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-06-28 Thread STINNER Victor
Change by STINNER Victor : -- keywords: +patch pull_requests: +25512 stage: -> patch review pull_request: https://github.com/python/cpython/pull/26945 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-06-21 Thread STINNER Victor
Change by STINNER Victor : -- nosy: +lukasz.langa, ned.deily, pablogsal ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

2021-06-11 Thread sping
Change by sping : -- title: [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Updated to vendoed copy to expat 2.4.1 -> [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Updated to vendoed copy to expat 2.4.1

2021-06-11 Thread sping
sping added the comment: FTR that^^ Sebastian is me :) -- nosy: +sping ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Updated to vendoed copy to expat 2.4.1

2021-06-11 Thread Guido van Rossum
Guido van Rossum added the comment: (From PSRT list, Sebastian:) Please note that the vulnerability fix also added two new functions to the API that would be great to have xml.parsers.expat expose to the users for full control. These are: -

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Updated to vendoed copy to expat 2.4.1

2021-06-11 Thread STINNER Victor
New submission from STINNER Victor : Our vendored copy of Modules/expat/ should be updated to Expat 2.4.1 to retrieve the fix for the security vulnerability CVE-2013-0340 "Billion Laughs": https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/

[issue43560] Modify SAX/expat parsing to avoid fragmentation of already-tiny content chunks

2021-03-19 Thread Larry Trammell
... > print(parser.name) "Colchuck" But then, after successfully extracting content from perhaps hundreds of thousands of XML tag sets in this way, the parsing suddenly "drops" a few characters of content. > print(parser.name) "lchuck" Whil

[issue39512] expat parser not xml 1.1 compliant (breaks xmlrpclib) - still

2020-02-09 Thread Terry J. Reedy
Terry J. Reedy added the comment: Stefen, do you know anything about this? There is no coredev expert for xmlrpc. -- nosy: +scode, terry.reedy title: expat parser not xml 1.1 (breaks xmlrpclib) - still -> expat parser not xml 1.1 compliant (breaks xmlrpclib) - st

[issue39512] expat parser not xml 1.1 (breaks xmlrpclib) - still

2020-01-31 Thread Malte Forkel
New submission from Malte Forkel : xmlrpc uses expat, which is not XML 1.1 compliant. Therefore, when transferring text, some characters which are valid according to the XML-RPC specification (http://xmlrpc.com/spec.md) will trigger expat to raise xml.parsers.expat.ExpatError: not well-formed

[issue38487] expat infinite loop

2019-10-15 Thread Marcos Dione
New submission from Marcos Dione : I'm trying to add external entities support to xmltodict[1]. For that I extended the handler to have a ExternalEntityRefHandler handler. After reading a couple of files, the script lock in a tight loop. I ran the script with gdb (!!) and found that expat

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-10-08 Thread Larry Hastings
Larry Hastings added the comment: New changeset c386c8b06c6e92786f083ef6aba27b37087fdd20 by larryhastings (Victor Stinner) in branch '3.5': closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#16434) https://github.com/python/cpython/commit

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-27 Thread Ned Deily
Ned Deily added the comment: Perhaps this should be a release blocker for 3.5.8. Larry? -- nosy: +larry, ned.deily ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-27 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +16013 stage: resolved -> patch review pull_request: https://github.com/python/cpython/pull/16434 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-26 Thread Benjamin Peterson
Benjamin Peterson added the comment: You're welcome to 3.5. On Thu, Sep 26, 2019, at 00:23, STINNER Victor wrote: > > STINNER Victor added the comment: > > Benjamin: Python 3.5 is in the Versions field, but I don't see any > change related to 3.5 yet. It's also impacted, no? Do you plan

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-26 Thread STINNER Victor
STINNER Victor added the comment: Benjamin: Python 3.5 is in the Versions field, but I don't see any change related to 3.5 yet. It's also impacted, no? Do you plan to backport the fix? I can do it if you want. -- resolution: fixed -> status: closed -> open

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-26 Thread STINNER Victor
STINNER Victor added the comment: > New changeset 90b4e49c98dd0ff948e13dd0618240c2294eb23d by Benjamin Peterson > in branch '2.7': > bpo-38174 follow up: Remove loadlibrary.c from VS9.0. (GH-16411) Oh, I was going to report AMD64 Windows7 SP1 VS9.0 2.7 buildbot failure and propose a fix,

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset 90b4e49c98dd0ff948e13dd0618240c2294eb23d by Benjamin Peterson in branch '2.7': bpo-38174 follow up: Remove loadlibrary.c from VS9.0. (GH-16411) https://github.com/python/cpython/commit/90b4e49c98dd0ff948e13dd0618240c2294eb23d --

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset f0501630b0ba31448c230c756b1027647f4ef100 by Benjamin Peterson in branch '3.6': [3.6] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16410) https://github.com/python/cpython/commit/f0501630b0ba31448c230c756b1027647f4ef100

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset d75bf44a2812a249663f979dc8379d27c1633ba5 by Benjamin Peterson in branch '3.8': [3.8] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16409) https://github.com/python/cpython/commit/d75bf44a2812a249663f979dc8379d27c1633ba5

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset 8e4622ea898bdda687eb2fb0747721c0cd8b0d02 by Benjamin Peterson in branch '3.7': [3.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16407) https://github.com/python/cpython/commit/8e4622ea898bdda687eb2fb0747721c0cd8b0d02

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Change by Benjamin Peterson : -- pull_requests: +15993 pull_request: https://github.com/python/cpython/pull/16411 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset e73b93ab3e0bc2e5a3591f125f465353e025ecaf by Benjamin Peterson in branch '2.7': [2.7] closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16408) https://github.com/python/cpython/commit/e73b93ab3e0bc2e5a3591f125f465353e025ecaf

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Change by Benjamin Peterson : -- pull_requests: +15992 pull_request: https://github.com/python/cpython/pull/16410 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Change by Benjamin Peterson : -- pull_requests: +15991 pull_request: https://github.com/python/cpython/pull/16409 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Change by Benjamin Peterson : -- pull_requests: +15990 pull_request: https://github.com/python/cpython/pull/16408 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Change by Benjamin Peterson : -- pull_requests: +15989 pull_request: https://github.com/python/cpython/pull/16407 ___ Python tracker ___

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-25 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset 52b940803860e37bcc3f6096b2d24e7c20a0e807 by Benjamin Peterson in branch 'master': closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) https://github.com/python/cpython/commit/52b940803860e37bcc3f6096b2d24e7c20a0e807

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-23 Thread Benjamin Peterson
Change by Benjamin Peterson : -- keywords: +patch pull_requests: +15923 stage: -> patch review pull_request: https://github.com/python/cpython/pull/16346 ___ Python tracker

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-14 Thread Karthikeyan Singaravelan
Change by Karthikeyan Singaravelan : -- nosy: +vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-09-14 Thread Uche Ogbuji
New submission from Uche Ogbuji : cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.8 to security vulnerability CVE-2019-15903. From Sebastian Pipping on XML-DEV ML: Expat 2.2.8 [1] has been released yesterday. This release fixes a security issue — a heap buf

[issue37437] update vendorized expat to 2.2.7

2019-07-02 Thread Ned Deily
Ned Deily added the comment: New changeset cc0bf97d61fbe844843f28abc510a11f3ef09942 by Ned Deily (Miss Islington (bot)) in branch '3.7': closes bpo-37437: Update vendorized expat to 2.2.7. (GH-14436) https://github.com/python/cpython/commit/cc0bf97d61fbe844843f28abc510a11f3ef09942 New

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset 29d6905826d4417426e70f6209ca5e0db7921685 by Benjamin Peterson (Miss Islington (bot)) in branch '3.6': Put pyexpatns.h include back. bpo-37437 (GH-14542) https://github.com/python/cpython/commit/29d6905826d4417426e70f6209ca5e0db7921685

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread miss-islington
miss-islington added the comment: New changeset 03b01280825871f6a5bb165fe25d412e33751d45 by Miss Islington (bot) in branch '2.7': Put pyexpatns.h include back. bpo-37437 (GH-14539) https://github.com/python/cpython/commit/03b01280825871f6a5bb165fe25d412e33751d45 --

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread miss-islington
miss-islington added the comment: New changeset f3130fab9c5cbc7125695dbd66cdc2fd76e20093 by Miss Islington (bot) in branch '3.7': Put pyexpatns.h include back. bpo-37437 (GH-14539) https://github.com/python/cpython/commit/f3130fab9c5cbc7125695dbd66cdc2fd76e20093 --

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread miss-islington
miss-islington added the comment: New changeset 9bd5479f8aba2687f4b8de735b1de50ef1405f19 by Miss Islington (bot) in branch '3.8': Put pyexpatns.h include back. bpo-37437 (GH-14539) https://github.com/python/cpython/commit/9bd5479f8aba2687f4b8de735b1de50ef1405f19 --

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread miss-islington
Change by miss-islington : -- pull_requests: +14357 pull_request: https://github.com/python/cpython/pull/14544 ___ Python tracker ___

[issue37437] update vendorized expat to 2.2.7

2019-07-01 Thread miss-islington
Change by miss-islington : -- pull_requests: +14356 pull_request: https://github.com/python/cpython/pull/14543 ___ Python tracker ___
