Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602) #126623

Closed
hartwork opened this issue Nov 9, 2024 · 2 comments
Labels
3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes extension-modules C modules in the Modules dir topic-XML type-security A security issue

@hartwork
Contributor

hartwork commented Nov 9, 2024

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602).

The CPython issue for previous 2.6.3 was #123678 and the related merged main pull request was #123689, in case you want to have a look. The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.9, 3.10, 3.11, 3.12, 3.13, 3.14, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs

@hartwork hartwork added the type-bug An unexpected behavior, bug, or error label Nov 9, 2024
@hugovk hugovk added the type-security A security issue label Nov 9, 2024
@ZeroIntensity ZeroIntensity added 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 9, 2024
@ZeroIntensity
Member

cc @sethmlarson

@picnixz picnixz added extension-modules C modules in the Modules dir topic-XML and removed type-bug An unexpected behavior, bug, or error labels Nov 9, 2024
gpshead pushed a commit that referenced this issue Nov 13, 2024
…26792)

Update libexpat to 2.6.4, make future updates easier.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Nov 13, 2024
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
… easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
…easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead pushed a commit that referenced this issue Nov 13, 2024
GH-126792) (GH-126797)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead pushed a commit that referenced this issue Nov 13, 2024
GH-126792) (GH-126796)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
ambv pushed a commit that referenced this issue Dec 2, 2024
ambv pushed a commit that referenced this issue Dec 3, 2024
GH-126792) (GH-126798)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)
@ambv
Contributor

ambv commented Dec 3, 2024

Releases with the fix have gone out today. Thanks! ✨ 🍰 ✨

@ambv ambv closed this as completed Dec 3, 2024
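
To confirm that a given interpreter actually picked up the Expat release requested in this issue, the check below reads the version that `pyexpat` is linked against and compares it with 2.6.4. It is an added example, not part of the issue thread or of CPython's own code; the helper names `parse_expat_version`, `has_fix` and `audit_runtime` are made up for illustration.

```python
import re
import pyexpat

# Minimum Expat release requested in this issue (carries the CVE-2024-50602 fix).
FIXED = (2, 6, 4)

# pyexpat.EXPAT_VERSION has the form "expat_<major>.<minor>.<micro>".
_VERSION_RE = re.compile(r"^expat_(\d+)\.(\d+)\.(\d+)$")


def parse_expat_version(text):
    """Turn a string such as 'expat_2.6.4' into a comparable tuple (2, 6, 4)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Expat version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def has_fix(version, fixed=FIXED):
    """True when the Expat version tuple is at or above the fixed release."""
    return tuple(version) >= tuple(fixed)


def audit_runtime():
    """Report the Expat version this interpreter's pyexpat is linked against."""
    linked = tuple(pyexpat.version_info)
    return {
        "expat_version": pyexpat.EXPAT_VERSION,
        "version_info": linked,
        "has_fix": has_fix(linked),
    }


if __name__ == "__main__":
    report = audit_runtime()
    status = "OK" if report["has_fix"] else "NEEDS UPDATE"
    wanted = ".".join(map(str, FIXED))
    print(f"{report['expat_version']}: {status} (want >= {wanted})")
```

On builds that link a system libexpat instead of the bundled copy, the reported version is the system library's, and a distribution may have backported the fix without changing that number.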