-
-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8) #82355
Comments
cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.8 to security vulnerability CVE-2019-15903. From Sebastian Pipping on XML-DEV ML: Expat 2.2.8 [1] has been released yesterday. This release fixes a For more details regarding the latest release, please check out the If you maintain Expat packaging or a bundled copy of Expat or a pinned [1] https://github.com/libexpat/libexpat/releases/tag/R_2_2_8 |
Oh, I was going to report AMD64 Windows7 SP1 VS9.0 2.7 buildbot failure and propose a fix, but you already fixed it. Thanks! |
Benjamin: Python 3.5 is in the Versions field, but I don't see any change related to 3.5 yet. It's also impacted, no? Do you plan to backport the fix? I can do it if you want. |
You're welcome to 3.5. On Thu, Sep 26, 2019, at 00:23, STINNER Victor wrote:
|
Perhaps this should be a release blocker for 3.5.8. Larry? |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: