Upgrade our bundled copy of libexpat to the latest (2.4.9?) #97005
Comments
gpshead
added
type-bug
|
I did not look to see if our use of libexpat actually allows the CVE in question to be triggered. If so that suggests we should do this sooner rather than later, but it is good for us to stay up to date in a timely fashion regardless. |
|
cc @hartwork |
corona10
added a commit
to corona10/cpython
that referenced
this issue
Sep 22, 2022
corona10
added a commit
to corona10/cpython
that referenced
this issue
Sep 22, 2022
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
corona10
added a commit
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
This was referenced Sep 22, 2022
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
miss-islington
added a commit
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
miss-islington
added a commit
that referenced
this issue
Sep 22, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
27 tasks
ambv
pushed a commit
that referenced
this issue
Oct 4, 2022
) gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006) Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]> Co-authored-by: Ned Deily <[email protected]>
ambv
pushed a commit
that referenced
this issue
Oct 4, 2022
) gh-97005: Update libexpat from 2.4.7 to 2.4.9 (gh-97006) Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
ambv
pushed a commit
that referenced
this issue
Oct 5, 2022
Co-authored-by: Gregory P. Smith [Google] <[email protected]> (cherry picked from commit 10e3d39) Co-authored-by: Dong-hee Na <[email protected]>
|
We can close this issue now :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There have been important security fixes in libexpat since our update to 2.4.7. Such as one for https://nvd.nist.gov/vuln/detail/CVE-2022-40674.
This likely impacts our binary releases that use our bundled expat libraries (Windows and macOS?) the most. Some OS distro Python packages often link against their own expat package which they've probably already patched.
The text was updated successfully, but these errors were encountered: