Message 295502 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Duy Phan Thanh
Recipients	Duy Phan Thanh
Date	2017-06-09.09:07:09
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1496999230.33.0.525014821898.issue30610@psf.upfronthosting.co.za>
In-reply-to

Content
Python's libexpat library is outdated and vulnerable to CVE-2016-0718 https://sourceforge.net/p/expat/bugs/537/ which can cause remote code execution through malicious xml files. The attached POC crashed both python 2.7 and python 3.5 on my windows machine.

Python's libexpat library is outdated and vulnerable to CVE-2016-0718 https://sourceforge.net/p/expat/bugs/537/
which can cause remote code execution through malicious xml files. The attached POC crashed both python 2.7 and python 3.5 on my windows machine.

History
Date	User	Action	Args
2017-06-09 09:07:10	Duy Phan Thanh	set	recipients: + Duy Phan Thanh
2017-06-09 09:07:10	Duy Phan Thanh	set	messageid: <1496999230.33.0.525014821898.issue30610@psf.upfronthosting.co.za>
2017-06-09 09:07:10	Duy Phan Thanh	link	issue30610 messages
2017-06-09 09:07:09	Duy Phan Thanh	create