[issue29591] expat 2.2.0: Various security vulnerabilities in bundled expat (CVE-2016-0718 and CVE-2016-4472)

Larry Hastings report at bugs.python.org
Tue Jul 11 09:18:53 EDT 2017


Larry Hastings added the comment:

I don't quite understand what's happening on this issue.  I see that master, 3.6, 3.6, and 2.7 have been upgraded to expat 2.2.0.  This issue was created to upgrade CPython to 2.2.0.  But the PR against 3.3 and 3.4 upgrade expat to 2.2.1?!

I'm not against this change in principle, I'm just trying to understand why a) it doesn't match the issue, b) why 3.3 and 3.4 are special, c) why we don't upgrade master & 3.6 & 3.5 & 2.7 to expat 2.2.1.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29591>
_______________________________________

