[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Stefan Behnel added the comment: I'd like to ask for clarification regarding issue 45321, which adds the missing error constants to the `expat` module. I consider those new features – it seems inappropriate to add new module constants in the middle of a release series. However, in this

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: New changeset 90004fca1cc3c6e3c9b2c3faae5cb1b7d7711648 by Miss Islington (bot) in branch '3.8': [3.8] bpo-44394: Ensure libexpat is linked against libm (GH-28617) (GH-28620) https://github.com/python/cpython/commit/90004fca1cc3c6e3c9b2c3faae5cb1b7d7711648

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26997 pull_request: https://github.com/python/cpython/pull/28627 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: New changeset 412ae8ab10734b72384c969181919cc4eb154406 by Miss Islington (bot) in branch '3.10': [3.10] bpo-44394: Ensure libexpat is linked against libm (GH-28617) (GH-28621) https://github.com/python/cpython/commit/412ae8ab10734b72384c969181919cc4eb154406

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by Łukasz Langa : -- pull_requests: +26996 pull_request: https://github.com/python/cpython/pull/28624 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

miss-islington added the comment: New changeset fafa213870193cf79557588ae8f9a4af570fd6e3 by Miss Islington (bot) in branch '3.9': bpo-44394: Ensure libexpat is linked against libm (GH-28617) https://github.com/python/cpython/commit/fafa213870193cf79557588ae8f9a4af570fd6e3 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26994 pull_request: https://github.com/python/cpython/pull/28621 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Pablo Galindo Salgado added the comment: New changeset 6c1154b9de29e1c9cd3d05f5289543e5cff73895 by Pablo Galindo Salgado in branch 'main': bpo-44394: Ensure libexpat is linked against libm (GH-28617) https://github.com/python/cpython/commit/6c1154b9de29e1c9cd3d05f5289543e5cff73895

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26993 pull_request: https://github.com/python/cpython/pull/28620 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26992 pull_request: https://github.com/python/cpython/pull/28619 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by Pablo Galindo Salgado : -- pull_requests: +26988 pull_request: https://github.com/python/cpython/pull/28617 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

sping added the comment: For the AIX link error that Pablo brought up, there is merged pull request https://github.com/libexpat/libexpat/pull/510 upstream. -- ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Pablo Galindo Salgado added the comment: The backport to 3.8 broke 3.8.12 in AIX: 0/Modules/_decimal/libmpdec/sixstep.o build/temp.aix-7.1-3.8/tmp/python3.8-3.8.12-0/Modules/_decimal/libmpdec/transpose.o -L. -L/opt/bb/lib -L/opt/bb/lib64 -R/opt/bb/lib64 -lm -o

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Ned Deily added the comment: PRs merged in 3.7 branch for release in 3.7.12 and in 3.6 branch for release in 3.6.15. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Ned Deily added the comment: New changeset 910886a6448e4bf1edf49eeace4aa240b6403772 by Ned Deily in branch '3.6': [3.6] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) (GH-28080) https://github.com/python/cpython/commit/910886a6448e4bf1edf49eeace4aa240b6403772 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by Ned Deily : -- pull_requests: +26523 pull_request: https://github.com/python/cpython/pull/28080 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Ned Deily added the comment: New changeset 79101b890ee021a901a8b6837a3a320d57adb725 by Łukasz Langa in branch '3.7': [3.7] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) https://github.com/python/cpython/commit/79101b890ee021a901a8b6837a3a320d57adb725 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

STINNER Victor added the comment: I created https://python-security.readthedocs.io/vuln/expat-billion-laughs.html to track this vulnerability. -- ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: 3.6 will need a separate backport because it's using expat 2.2.6 at the moment (from b2260e59ff1eaf20de4738099005ddf507b7b27d). 3.7 conflicted since it didn't include local changes to the vendored 2.2.8 that were introduced in 3.8+. I fixed that, the backport

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by Łukasz Langa : -- pull_requests: +26487 pull_request: https://github.com/python/cpython/pull/28042 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: New changeset 007221a43e566db08c0c5c00756d80dfd9dccafe by Miss Islington (bot) in branch '3.9': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28032) https://github.com/python/cpython/commit/007221a43e566db08c0c5c00756d80dfd9dccafe --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

miss-islington added the comment: New changeset 270678564c16452614a8acd93763bdf64fb4d286 by Miss Islington (bot) in branch '3.10': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) https://github.com/python/cpython/commit/270678564c16452614a8acd93763bdf64fb4d286 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: New changeset c9c2a0bc9820f93f1020f3498f6893a3544c9b76 by Miss Islington (bot) in branch '3.8': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033) https://github.com/python/cpython/commit/c9c2a0bc9820f93f1020f3498f6893a3544c9b76 --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26477 pull_request: https://github.com/python/cpython/pull/28032 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Łukasz Langa added the comment: New changeset 3fc5d84046ddbd66abac5b598956ea34605a4e5d by Victor Stinner in branch 'main': bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) https://github.com/python/cpython/commit/3fc5d84046ddbd66abac5b598956ea34605a4e5d --

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- pull_requests: +26478 pull_request: https://github.com/python/cpython/pull/28033 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by miss-islington : -- nosy: +miss-islington nosy_count: 6.0 -> 7.0 pull_requests: +26476 pull_request: https://github.com/python/cpython/pull/28031 ___ Python tracker

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

STINNER Victor added the comment: Attached cpython_rebuild_expat_dir.sh script updates Modules/expat/ to our libexpat copy to 2.4.1. I used it to create attached PR 26945. -- Added file: https://bugs.python.org/file50129/cpython_rebuild_expat_dir.sh

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by STINNER Victor : -- keywords: +patch pull_requests: +25512 stage: -> patch review pull_request: https://github.com/python/cpython/pull/26945 ___ Python tracker ___

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by STINNER Victor : -- nosy: +lukasz.langa, ned.deily, pablogsal ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue44394] [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1

Change by sping : -- title: [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Updated to vendoed copy to expat 2.4.1 -> [security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1 ___