[issue30947] Update embedded copy of libexpat to 2.2.2

STINNER Victor report at bugs.python.org
Mon Jul 17 10:28:24 EDT 2017


STINNER Victor added the comment:

About the 3 security fixes (is the last change a security fix?).

"""
             #43  Protect against compilation without any source of high
                    quality entropy enabled, e.g. with CMake build system;
                    commit ff0207e6076e9828e536b8d9cd45c9c92069b895
"""

Since Python uses its own entropy source, I don't think that this change impacts us.

https://github.com/libexpat/libexpat/commit/ff0207e6076e9828e536b8d9cd45c9c92069b895


"""
             #60  Windows with _UNICODE:
                    Unintended use of LoadLibraryW with a non-wide string
                    resulted in failure to load advapi32.dll and degradation
                    in quality of used entropy when compiled with _UNICODE for
                    Windows; you can launch existing binaries with
                    EXPAT_ENTROPY_DEBUG=1 in the environment to inspect the
                    quality of entropy used during runtime; commits
                    * 95b95032f907ef1cd17ee7a9a1768010a825d61d
                    * 73a5a2e9c081f49f2d775cf7ced864158b68dc80
"""

I don't understand the consequence of this specific bug.

https://github.com/libexpat/libexpat/commit/95b95032f907ef1cd17ee7a9a1768010a825d61d
https://github.com/libexpat/libexpat/commit/73a5a2e9c081f49f2d775cf7ced864158b68dc80


"""
   [MOX-006]      Fix non-NULL parser parameter validation in XML_Parse;
                    resulted in NULL dereference, previously;
                    commit ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe
"""

I'm not sure that it's possible to call XML_Parse() with NULL in Python.

https://github.com/libexpat/libexpat/commit/ac256dafdffc9622ab0dc2c62fcecb0dfcfa71fe

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30947>
_______________________________________
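Whether a particular interpreter is affected by a fix like this depends on which libexpat pyexpat actually loads at runtime (the copy embedded in Modules/expat/ or a system library), so the following added Python check reports the loaded expat version, compares it against 2.2.2, and exercises parsing through the Python-level API on constructed input. This is example code added here; it is not from the tracker issue or from CPython. The function names and the (2, 2, 2) default minimum are assumptions of the example.

```python
# Added example (not from the tracker issue or CPython): report which
# libexpat this interpreter actually links against and whether it is at
# least a given version, then exercise parsing through pyexpat.
# The function names and the (2, 2, 2) default are assumptions of this
# example, chosen to match the release discussed in the issue.
import pyexpat


def expat_version_ok(version_info, minimum=(2, 2, 2)):
    """True if version_info (a (major, minor, micro) tuple, as in
    pyexpat.version_info) is at least `minimum`."""
    return tuple(version_info) >= tuple(minimum)


def loaded_expat(minimum=(2, 2, 2)):
    """Describe the expat that pyexpat loaded at runtime. CPython may be
    built against the copy in Modules/expat/ or a system libexpat, so only
    the runtime values tell you which fixes you actually have."""
    return {
        "version": pyexpat.EXPAT_VERSION,        # e.g. "expat_2.2.2"
        "version_info": tuple(pyexpat.version_info),
        "ok": expat_version_ok(pyexpat.version_info, minimum),
    }


def count_elements(xml_bytes):
    """Parse with pyexpat and return {element_name: count}. The parser is a
    Python object created by ParserCreate() and Parse() is a bound method
    on it, so a caller at this level never hands the C-level XML_Parse a
    parser pointer of its own."""
    counts = {}
    parser = pyexpat.ParserCreate()

    def start(name, attrs):
        counts[name] = counts.get(name, 0) + 1

    parser.StartElementHandler = start
    parser.Parse(xml_bytes, True)  # True: this is the final chunk
    return counts


def try_parse(xml_bytes):
    """Parse and report malformed input as (False, message) instead of
    raising, the way a robust caller should handle untrusted XML."""
    try:
        count_elements(xml_bytes)
        return True, ""
    except pyexpat.ExpatError as exc:
        return False, str(exc)


if __name__ == "__main__":
    info = loaded_expat()
    print("pyexpat loaded", info["version"], "meets 2.2.2:", info["ok"])
    # Constructed sample input.
    print(count_elements(b"<root><a/><b><a/></b></root>"))
    print(try_parse(b"<root>"))  # truncated document -> (False, <expat error message>)
```

Run it under each interpreter you ship: a Python built against a system libexpat reports that library's version, not the one in CPython's source tree.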