[Python-Dev] Need Help

2022-02-25 Thread Prasad, PCRaghavendra
Hi All, we are using the Python 3.9.5 version in our application. In 3.9.5 it is using libexpat 2.2.8 version; as part of the Black Duck scan, it is showing critical vulnerabilities in libexpat 2.2.8 (CVE-2022-22824, CVE-2022-23990, CVE-2022-23852, CVE-2022-25236, CVE-2022-22823) when there are

[Python-Dev] Summary of Python tracker Issues

2022-02-25 Thread Python tracker
ACTIVITY SUMMARY (2022-02-18 - 2022-02-25) Python tracker at https://bugs.python.org/ To view or respond to any of the issues listed below, click on the issue. Do NOT respond to this message. Issues counts and deltas: open 7220 (+2) closed 51363 (+64) total 58583 (+66) Open issues

[Python-Dev] Re: Need Help

2022-02-25 Thread Barry
> On 25 Feb 2022, at 21:47, Prasad, PCRaghavendra > wrote: > > > Hi Scott, Scott is my family name. > > Thanks for the reply > > Are you asking how to link python to an external libexpat instead of the > vendor expat inside python? > > >> yes, we have done for some of the external

[Python-Dev] Re: Need Help

2022-02-25 Thread Prasad, PCRaghavendra
Hi Scott, Thanks for the reply Are you asking how to link python to an external libexpat instead of the vendor expat inside python? >> yes, we have done for some of the external libs like OpenSSL, bzip2 but >> libexpat was an internal module to python so how to link to the latest expat >>

[Python-Dev] Re: Need Help

2022-02-25 Thread Gregory P. Smith
The embedded copy of expat was recently upgraded to 2.4.6 in https://bugs.python.org/issue46794 including on the 3.9 branch. That will wind up in 3.9.11 per https://www.python.org/dev/peps/pep-0596/. If you are using 3.9.5 you may also have a host of other potential security issues that updating

[Python-Dev] Re: Need Help

2022-02-25 Thread Barry Scott
> On 25 Feb 2022, at 12:58, Prasad, PCRaghavendra > wrote: > > Hi All, > > we are using the python 3.9.5 version in our application. > > In 3.9.5 it is using libexpat 2.2.8 version, as part of the Black duck scan, > it is showing critical vulnerabilities in libexpat 2.2.8. > >