[New-bugs-announce] [issue14340] Update embedded copy of expat - fix security & crash issues

Gregory P. Smith report at bugs.python.org
Fri Mar 16 22:28:26 CET 2012


New submission from Gregory P. Smith <greg at krypto.org>:

As pointed out in #14234, our embedded copy of expat used by pyexpat for XML parsing in Modules/expat/ is out of date.  There have been many fixes to expat that we have not applied, including a few potential crash and security fixes.

We should upgrade it wholesale to the latest version for 3.3.

Someone should also audit expat changes to see if there are security fixes for expat that should be backported to 2.6/2.7/3.1/3.2, as platforms without a system expat, such as Windows (and 2.6 and 3.1), will contain those problems.

I am marking this a release blocker for 3.3 to ensure expat is updated before then.  I would *not* hold up the existing round of release candidates for this; the next security+bugfix updates can contain these changes.

----------
components: Extension Modules
messages: 156087
nosy: Arfrever, Jim.Jewett, amaury.forgeotdarc, barry, benjamin.peterson, dmalcolm, georg.brandl, gregory.p.smith, pitrou
priority: release blocker
severity: normal
status: open
title: Update embedded copy of expat - fix security & crash issues
type: security
versions: Python 3.3

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14340>
_______________________________________

