[issue46794] Please update bundled libexpat to 2.4.6 with security fixes (5 CVEs)
sping
report at bugs.python.org
Fri Mar 4 11:46:05 EST 2022
sping <sebastian at pipping.org> added the comment:
Hi mattip,
at the core the problem is not the use of non-URI character "}" for a namespace separator but the use of non-URI character "}" in a namespace URI. test_issue3151 is mistaken (meaning that non-URI characters in URIs are malformed XML) and the test has been removed in CPython pull request https://github.com/python/cpython/pull/31453/files . Expat pull request https://github.com/libexpat/libexpat/pull/577 is related but it's about URI characters not about non-URI ones, so it does not change anything about test_issue3151 in PyPy. Does that make sense?
Best, Sebastian
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46794>
_______________________________________
More information about the Python-bugs-list
mailing list