[issue14340] Update embedded copy of expat - fix security & crash issues
Gregory P. Smith
report at bugs.python.org
Sat Jul 14 23:39:34 CEST 2012
Gregory P. Smith <greg at krypto.org> added the comment:
Reasons why it is a good idea to apply this change to 2.7.4 and 3.2.4:
* Memory leak in poolGrow (CVE-2012-1148)
* Resource leak in readfilemap.c (CVE-2012-1147)
* Buffer over-read and crash in big2_toUtf8 (CVE-2009-3560)
* Parser crash with special UTF-8 sequences (CVE-2009-3270)
* Dangling positionPtr after error (2855609) - http://sourceforge.net/tracker/?func=detail&aid=2855609&group_id=10127&atid=110127 - Specifically reported by a pyexpat user.
* Unitialized memory returned from XML_Parse (3206497) - http://sourceforge.net/tracker/?func=detail&aid=3206497&group_id=10127&atid=110127
The features 2.1.0 adds over 2.0.x are not exposed to pyexpat or Python users.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14340>
_______________________________________
More information about the Python-bugs-list
mailing list