Message288014
cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.0 to fix various security vulnerabilities.
21 June 2016, Expat 2.2.0 released.
Release 2.2.0 includes security & other bug fixes.
Security fixes
CVE-2016-0718 (issue 537)
Fix crash on malformed input
CVE-2016-4472
Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1
CVE-2016-5300 (issue 499)
Use more entropy for hash initialization than the original fix to CVE-2012-0876
CVE-2012-6702 (issue 519)
Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)
Fix should be applied to all maintained python branches. |
|
Date |
User |
Action |
Args |
2017-02-17 15:39:39 | Natanael Copa | set | recipients:
+ Natanael Copa |
2017-02-17 15:39:39 | Natanael Copa | set | messageid: <1487345979.72.0.358826213221.issue29591@psf.upfronthosting.co.za> |
2017-02-17 15:39:39 | Natanael Copa | link | issue29591 messages |
2017-02-17 15:39:39 | Natanael Copa | create | |
|