Closed
Description
Bug report
Bug description:
Hi! 👋
Please upgrade bundled Expat to 2.7.0 (e.g. for the fix to CVE-2024-8176).
- GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_7_0
- Change log: https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes
- Bonus: Blog post Recursion kills: The story behind CVE-2024-8176 in libexpat
The CPython issue for previous 2.6.4 was #126623 and the related merged main pull request was #126792, in case you want to have a look. The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.
Thanks in advance!
CPython versions tested on:
3.9, 3.10, 3.11, 3.12, 3.13, 3.14, CPython main branch
Operating systems tested on:
Linux, macOS, Windows, Other
Linked PRs
- gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) #131272
- gh-131261: expat/refresh.sh: Expand list of manual steps #131359
- [3.13] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) (GH-131272) #131360
- [3.12] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) #131361
- [3.11] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) (GH-131272) #131362
- [3.10] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) (GH-131272) #131363
- [3.9] gh-131261: Update libexpat to 2.7.0 (CVE-2024-8176) (GH-131272) #131364
Metadata
Metadata
Assignees
Labels
only security fixesonly security fixesonly security fixesonly security fixesonly security fixesonly security fixesbugs and security fixesbugs and security fixesbugs and security fixesbugs and security fixesonly security fixesonly security fixesC modules in the Modules dirC modules in the Modules dirA security issueA security issue
Projects
Status
Done