Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602) #126623

Open
hartwork opened this issue Nov 9, 2024 · 1 comment
Open

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602) #126623

hartwork opened this issue Nov 9, 2024 · 1 comment
Assignees
@sethmlarson
Labels
3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes extension-modules C modules in the Modules dir topic-XML type-security A security issue

Comments

@hartwork
Copy link
Contributor

hartwork commented Nov 9, 2024
edited by bedevere-app bot
Loading

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602).

The CPython issue for previous 2.6.3 was #123678 and the related merged main pull request was #123689, in case you want to have a look. The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.9, 3.10, 3.11, 3.12, 3.13, 3.14, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs
@hartwork hartwork added the type-bug An unexpected behavior, bug, or error label Nov 9, 2024
@hugovk hugovk added the type-security A security issue label Nov 9, 2024
@hartwork hartwork mentioned this issue Nov 9, 2024
Closed
27 tasks
@ZeroIntensity ZeroIntensity added 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 9, 2024
@ZeroIntensity
Copy link
Member

cc @sethmlarson

@picnixz picnixz mentioned this issue Nov 9, 2024
Open
@picnixz picnixz added extension-modules C modules in the Modules dir topic-XML and removed type-bug An unexpected behavior, bug, or error labels Nov 9, 2024
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Merged
gpshead pushed a commit that referenced this issue Nov 13, 2024
@sethmlarson
gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-1…
3c99969 
…26792)

Update libexpat to 2.6.4, make future updates easier.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Nov 13, 2024
@sethmlarson @miss-islington
pythongh-126623: Update libexpat to 2.6.4, make future updates easier (
66d95bb 
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c9996909402fadc98e6ca2a64e75a71a7427352)

Co-authored-by: Seth Michael Larson <seth@python.org>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Nov 13, 2024
@sethmlarson @miss-islington
pythongh-126623: Update libexpat to 2.6.4, make future updates easier (
a16c365 
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
This was referenced Nov 13, 2024
Merged
Merged
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.11] pythongh-126623: Update libexpat to 2.6.4, make future updates…
fbff1ae 
… easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Open
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.10] pythongh-126623: Update libexpat to 2.6.4, make future updates…
f2949e2 
… easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Open
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.9] pythongh-126623: Update libexpat to 2.6.4, make future updates …
a60574e 
…easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Open
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.8] pythongh-126623: Update libexpat to 2.6.4, make future updates …
7d48f06 
…easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead pushed a commit that referenced this issue Nov 13, 2024
@miss-islington @sethmlarson
[3.12] gh-126623: Update libexpat to 2.6.4, make future updates easier (
9e86d21 
GH-126792) (GH-126797)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
gpshead pushed a commit that referenced this issue Nov 13, 2024
@miss-islington @sethmlarson
[3.13] gh-126623: Update libexpat to 2.6.4, make future updates easier (
1d6ba84 
GH-126792) (GH-126796)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <seth@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sethmlarson sethmlarson

Labels
3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes extension-modules C modules in the Modules dir topic-XML type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hugovk @hartwork @picnixz @sethmlarson @ZeroIntensity