This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Natanael Copa
Recipients Natanael Copa
Date 2017-02-17.15:39:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1487345979.72.0.358826213221.issue29591@psf.upfronthosting.co.za>
In-reply-to
Content 
cpython bundles expat in Modules/expat/ and needs to be updated to expat-2.2.0 to fix various security vulnerabilities.

21 June 2016, Expat 2.2.0 released.
Release 2.2.0 includes security & other bug fixes.

Security fixes

CVE-2016-0718 (issue 537)
Fix crash on malformed input

CVE-2016-4472
Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716 introduced with Expat 2.1.1

CVE-2016-5300 (issue 499)
Use more entropy for hash initialization than the original fix to CVE-2012-0876

CVE-2012-6702 (issue 519)
Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue 496)

Fix should be applied to all maintained python branches.
History
Date User Action Args
2017-02-17 15:39:39Natanael Copasetrecipients: + Natanael Copa
2017-02-17 15:39:39Natanael Copasetmessageid: <1487345979.72.0.358826213221.issue29591@psf.upfronthosting.co.za>
2017-02-17 15:39:39Natanael Copalinkissue29591 messages
2017-02-17 15:39:39Natanael Copacreate