Author ned.deily
Recipients ned.deily, vstinner
Date 2017-06-18.03:01:26
Message-id <1497754887.58.0.724129384272.issue30694@psf.upfronthosting.co.za>
Content
From the announcement:

Expat 2.2.1 has been released.  The change log has more details [2] than this mail, including commit SHA1s. For a quick overview of the security fixes and CVEs, we have:

   CVE-2017-9233  External entity infinite loop DoS [1]
  (CVE-2016-9063) Integer overflow (re-fix)
             n/a  More integer overflow fixes
  (CVE-2016-0718) Fix regression bugs from 2.2.0's fix to CVE-2016-0718
  (CVE-2016-5300) Use os-specific entropy sources like getrandom
             n/a  No longer leak parser pointer information
             n/a  Prevent use of uninitialised variables
             n/a  Add missing API parameter validation (NULL, len<0)
  (CVE-2012-0876) Counter hash flooding with SipHash

[1] https://libexpat.github.io/doc/cve-2017-9233/
[2] https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes
History
Date                 User       Action  Args
2017-06-18 03:01:27  ned.deily  set     recipients: + ned.deily, vstinner
2017-06-18 03:01:27  ned.deily  set     messageid: <1497754887.58.0.724129384272.issue30694@psf.upfronthosting.co.za>
2017-06-18 03:01:27  ned.deily  link    issue30694 messages
2017-06-18 03:01:26  ned.deily  create