Message 288014 - Python tracker

Author	Natanael Copa
Recipients	Natanael Copa
Date	2017-02-17.15:39:39
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1487345979.72.0.358826213221.issue29591@psf.upfronthosting.co.za>
In-reply-to

Content
cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.0 to fix various security vulnerabilities. 21 June 2016, Expat 2.2.0 released. Release 2.2.0 includes security & other bug fixes. Security fixes CVE-2016-0718 (issue 537) Fix crash on malformed input CVE-2016-4472 Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1 CVE-2016-5300 (issue 499) Use more entropy for hash initialization than the original fix to CVE-2012-0876 CVE-2012-6702 (issue 519) Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496) Fix should be applied to all maintained python branches.

cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.0 to fix various security vulnerabilities.

21 June 2016, Expat 2.2.0 released.
Release 2.2.0 includes security & other bug fixes.

Security fixes

CVE-2016-0718 (issue 537)
Fix crash on malformed input

CVE-2016-4472
Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 (issue 499)
Use more entropy for hash initialization than the original fix to CVE-2012-0876

CVE-2012-6702 (issue 519)
Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)

Fix should be applied to all maintained python branches.

History
Date	User	Action	Args
2017-02-17 15:39:39	Natanael Copa	set	recipients: + Natanael Copa
2017-02-17 15:39:39	Natanael Copa	set	messageid: <1487345979.72.0.358826213221.issue29591@psf.upfronthosting.co.za>
2017-02-17 15:39:39	Natanael Copa	link	issue29591 messages
2017-02-17 15:39:39	Natanael Copa	create