bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28033)

Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d) Co-authored-by: Victor Stinner <vstinner@python.org>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2021-08-29 14:31:27 (GMT)
committer: GitHub <noreply@github.com> 2021-08-29 14:31:27 (GMT)
commit: c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (patch)
tree: 2bb6c01c9542fc1f284f5d9f1eda5760adc7f218 /Misc/NEWS.d/next
parent: 193443bb708cba3a72e99e61dd6615a94f22f9e1 (diff)
download: cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.zip
cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.gz
cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst
new file mode 100644
index 0000000..e32563d
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst
@@ -0,0 +1,3 @@
+Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix
+for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
+on Windows and macOS.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2021-08-29 14:31:27 (GMT)
committer	GitHub <noreply@github.com>	2021-08-29 14:31:27 (GMT)
commit	c9c2a0bc9820f93f1020f3498f6893a3544c9b76 (patch)
tree	2bb6c01c9542fc1f284f5d9f1eda5760adc7f218 /Misc/NEWS.d/next
parent	193443bb708cba3a72e99e61dd6615a94f22f9e1 (diff)
download	cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.zip cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.gz cpython-c9c2a0bc9820f93f1020f3498f6893a3544c9b76.tar.bz2