Created on 2016-03-14 10:31 by christian.heimes, last changed 2016-06-21 21:59 by Carson Lam. This issue is now closed.
| Messages (10) | |||
|---|---|---|---|
| msg261741 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2016-03-14 10:31 | |
A new version of expat has been released. 2.2.1 addressed CVE-2015-1283. |
|||
| msg262020 - (view) | Author: Larry Hastings (larry) * |
Date: 2016-03-19 06:51 | |
Christian: Is that CVE the same crash as reported by mail by Gustavo Grieco? |
|||
| msg262058 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-03-19 20:26 | |
No, the other problem is CVE-2016-0718. We are still looking into the matter. |
|||
| msg265425 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2016-05-12 20:38 | |
Any progress on this? It is still flagged as a Release Blocker and releases are approaching. |
|||
| msg265426 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-05-12 20:51 | |
Another critical bug fix will be released next Tuesday. |
|||
| msg267619 - (view) | Author: Larry Hastings (larry) * |
Date: 2016-06-07 10:26 | |
Was this critical bug fix released on May 17th as promised? I will not hold up 3.5.2 for this. 3.5.2 has waited long enough. |
|||
| msg267697 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2016-06-07 15:42 | |
There is another security release for expat planned, but we can skip it for now. I'll provide a patch for Python 2 and 3 with 2.1.1 by tomorrow. |
|||
| msg268069 - (view) | Author: Brian Martin (Brian Martin) | Date: 2016-06-09 23:55 | |
Per http://expat.sourceforge.net/, version 2.1.1 fixes CVE-2015-1283, not 2.2.1 as mentioned in a comment. |
|||
| msg268202 - (view) | Author: Larry Hastings (larry) * |
Date: 2016-06-11 08:52 | |
Christian: I don't see any checkins on this issue, and I tag 3.4.4 rc1 and 3.5.2 rc1 in about twelve hours. As I mentioned to you in person at the PyCon 2016 sprints, I'm not holding up either of these releases for the expat update. If this is still open when it's time for me to tag those releases, I'll flip this to "deferred blocker". |
|||
| msg268268 - (view) | Author: Roundup Robot (python-dev) | Date: 2016-06-11 20:35 | |
New changeset d8a0a016d8d4 by Benjamin Peterson in branch '2.7': upgrade expt to 2.1.1 (closes #26556) https://hg.python.org/cpython/rev/d8a0a016d8d4 New changeset bb3ce78572f5 by Benjamin Peterson in branch '3.4': upgrade expt to 2.1.1 (closes #26556) https://hg.python.org/cpython/rev/bb3ce78572f5 New changeset f3c36afdedae by Benjamin Peterson in branch '3.5': merge 3.4 (#26556) https://hg.python.org/cpython/rev/f3c36afdedae New changeset 77353f0106cc by Benjamin Peterson in branch 'default': merge 3.5 (#26556) https://hg.python.org/cpython/rev/77353f0106cc |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-06-21 21:59:59 | Carson Lam | set | title: Update expat to 2.2.1 -> Update expat to 2.1.1 |
| 2016-06-11 20:35:41 | python-dev | set | status: open -> closed nosy: + python-dev messages: + msg268268 resolution: fixed stage: needs patch -> resolved |
| 2016-06-11 08:52:02 | larry | set | messages: + msg268202 |
| 2016-06-09 23:55:40 | Brian Martin | set | nosy:
+ Brian Martin messages: + msg268069 |
| 2016-06-07 15:42:32 | christian.heimes | set | messages: + msg267697 |
| 2016-06-07 10:26:32 | larry | set | messages: + msg267619 |
| 2016-05-31 12:15:29 | mirko.dziadzka | set | nosy:
+ mirko.dziadzka |
| 2016-05-12 20:51:13 | christian.heimes | set | messages: + msg265426 |
| 2016-05-12 20:38:29 | ned.deily | set | messages: + msg265425 |
| 2016-05-12 20:32:45 | ned.deily | set | nosy:
+ ned.deily |
| 2016-03-19 20:26:24 | christian.heimes | set | messages: + msg262058 |
| 2016-03-19 06:51:10 | larry | set | messages: + msg262020 |
| 2016-03-14 10:31:35 | christian.heimes | create | |