Author gregory.p.smith
Recipients Arfrever, Jim.Jewett, amaury.forgeotdarc, barry, benjamin.peterson, dmalcolm, georg.brandl, gregory.p.smith, pitrou, python-dev
Date 2012-07-14.21:39:33
Message-id <1342301974.37.0.460593575348.issue14340@psf.upfronthosting.co.za>
Content
Reasons why it is a good idea to apply this change to 2.7.4 and 3.2.4:

* Memory leak in poolGrow (CVE-2012-1148)
* Resource leak in readfilemap.c (CVE-2012-1147)
* Buffer over-read and crash in big2_toUtf8 (CVE-2009-3560)
* Parser crash with special UTF-8 sequences (CVE-2009-3270)
* Dangling positionPtr after error (2855609) - http://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127 - Specifically reported by a pyexpat user.
* Uninitialized memory returned from XML_Parse (3206497) - http://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127

The features 2.1.0 adds over 2.0.x are not exposed to pyexpat or Python users.
History
Date User Action Args
2012-07-14 21:39:34 gregory.p.smith set recipients: + gregory.p.smith, barry, georg.brandl, amaury.forgeotdarc, pitrou, benjamin.peterson, Arfrever, dmalcolm, python-dev, Jim.Jewett
2012-07-14 21:39:34 gregory.p.smith set messageid: <1342301974.37.0.460593575348.issue14340@psf.upfronthosting.co.za>
2012-07-14 21:39:33 gregory.p.smith link issue14340 messages
2012-07-14 21:39:33 gregory.p.smith create