Message156087
As pointed out in #14234, our embedded copy of expat used by pyexpat for xml parsing in Modules/expat/ is out of date. There have been many fixes to expat that we have not applied including a few potential crash and security fixes.
We should upgrade it wholesale to the latest version for 3.3.
Someone should also audit expat changes to see if there are security fixes for expat that should be backported to 2.6/2.7/3.1/3.2 as platforms without a system expat such as Windows (and 2.6 and 3.1) will contain those problems.
I am marking this a release blocker for 3.3 to ensure expat is updated before then. I would *not* hold up the existing round of release candidates for this, the next security+bugfix updates can contain these changes. |
|
Date |
User |
Action |
Args |
2012-03-16 21:28:26 | gregory.p.smith | set | recipients:
+ gregory.p.smith, barry, georg.brandl, amaury.forgeotdarc, pitrou, benjamin.peterson, Arfrever, dmalcolm, Jim.Jewett |
2012-03-16 21:28:26 | gregory.p.smith | set | messageid: <1331933306.8.0.658837557797.issue14340@psf.upfronthosting.co.za> |
2012-03-16 21:28:26 | gregory.p.smith | link | issue14340 messages |
2012-03-16 21:28:25 | gregory.p.smith | create | |
|