diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2021-08-29 14:31:27 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-29 14:31:27 (GMT) |
commit | c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (patch) | |
tree | 2bb6c01c9542fc1f284f5d9f1eda5760adc7f218 /Misc/NEWS.d/next | |
parent | 193443bb708cba3a72e99e61dd6615a94f22f9e1 (diff) | |
download | cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.zip cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.gz cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.bz2 |
bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033)
Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the
fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy
is most used on Windows and macOS.
Co-authored-by: Ćukasz Langa <lukasz@langa.pl>
(cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d)
Co-authored-by: Victor Stinner <vstinner@python.org>
Diffstat (limited to 'Misc/NEWS.d/next')
-rw-r--r-- | Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst new file mode 100644 index 0000000..e32563d --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst @@ -0,0 +1,3 @@ +Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix +for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used +on Windows and macOS. |