bpo-44394: Update libexpat copy to 2.4.1 (GH-26945)

Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and macOS. Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 3fc5d84046ddbd66abac5b598956ea34605a4e5d) Co-authored-by: Victor Stinner <vstinner@python.org>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2021-08-29 14:32:50 (GMT)
committer: GitHub <noreply@github.com> 2021-08-29 14:32:50 (GMT)
commit: 270678564c16452614a8acd93763bdf64fb4d286 (patch)
tree: b26a9e2fbd0328a269ffbdc973698d0f56896b9e /Misc
parent: 532ebba6c8697d214a0d94514ad0b2464a59cb7c (diff)
download: cpython-270678564c16452614a8acd93763bdf64fb4d286.zip
cpython-270678564c16452614a8acd93763bdf64fb4d286.tar.gz
cpython-270678564c16452614a8acd93763bdf64fb4d286.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst
new file mode 100644
index 0000000..e32563d
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-06-29-02-45-53.bpo-44394.A220N1.rst
@@ -0,0 +1,3 @@
+Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix
+for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used
+on Windows and macOS.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2021-08-29 14:32:50 (GMT)
committer	GitHub <noreply@github.com>	2021-08-29 14:32:50 (GMT)
commit	270678564c16452614a8acd93763bdf64fb4d286 (patch)
tree	b26a9e2fbd0328a269ffbdc973698d0f56896b9e /Misc
parent	532ebba6c8697d214a0d94514ad0b2464a59cb7c (diff)
download	cpython-270678564c16452614a8acd93763bdf64fb4d286.zip cpython-270678564c16452614a8acd93763bdf64fb4d286.tar.gz cpython-270678564c16452614a8acd93763bdf64fb4d286.tar.bz2