[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1
Stefan Behnel
report at bugs.python.org
Sat Jan 1 09:27:08 EST 2022
Stefan Behnel <stefan_ml at behnel.de> added the comment:
I'd like to ask for clarification regarding issue 45321, which adds the missing error constants to the `expat` module. I consider those new features – it seems inappropriate to add new module constants in the middle of a release series. However, in this ticket here, the libexpat version was updated all the way back to Py3.6, to solve a security issue.
Should we also backport the error constants then?
----------
nosy: +scoder
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44394>
_______________________________________
More information about the Python-bugs-list
mailing list