Classification
Title: Update pyexpat for CVE-2021-45960
Type: security
Stage: resolved
Components: XML
Versions: Python 3.11, Python 3.10, Python 3.9, Python 3.8, Python 3.7

Process
Status: closed
Resolution: duplicate
Dependencies:
Superseder: Please update bundled libexpat to 2.4.4 with security fixes (CVE-2021-45960) (View: 46400)
Assigned To:
Nosy List: ned.deily, steve.dower
Priority: normal
Keywords:

Created on 2022-02-08 23:45 by steve.dower, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (3)
msg412880 - Author: Steve Dower (steve.dower) * (Python committer) Date: 2022-02-08 23:45
libexpat recently fixed a security issue relating to some arithmetic: https://github.com/libexpat/libexpat/pull/534

I assume we should take this fix, either by updating our entire bundled copy or just backporting the patch.

msg412881 - Author: Ned Deily (ned.deily) * (Python committer) Date: 2022-02-09 00:01
Duplicate of Issue46400?

msg412908 - Author: Steve Dower (steve.dower) * (Python committer) Date: 2022-02-09 14:25
Probably. I searched for the CVE number and didn't find it anywhere, but that issue only mentions the new release version.

History
Date User Action Args
2022-04-11 14:59:55 admin set github: 90845
2022-02-09 14:25:47 steve.dower set status: open -> closed; superseder: Please update bundled libexpat to 2.4.4 with security fixes (CVE-2021-45960); messages: + msg412908; resolution: duplicate; stage: needs patch -> resolved
2022-02-09 00:01:05 ned.deily set nosy: + ned.deily; messages: + msg412881
2022-02-08 23:45:05 steve.dower create