Upgrade bundled expat to 2.5.0 #98739

New issue

Closed

Upgrade bundled expat to 2.5.0#98739

Assignees

Labels

3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of liferelease-blockertype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Description

scdub

opened

on Oct 26, 2022

Upgrade the bundled libexpat version to 2.5.0 which includes a fix forCVE-2022-43680. I haven't evaluated whether CPython is directly impacted by this CVE, but can confirm that it is detected by binary analysis tools such as Black Duck.

Relatedlibexpat changelog includes additional fixes and details.

Metadata

Assignees

Labels

3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of liferelease-blockertype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Projects

Release and Deferred blockers 🚫

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Upgrade bundled expat to 2.5.0 #98739

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions