Message 295504 - Python tracker

Message295504

Author	vstinner
Recipients	Duy Phan Thanh, vstinner
Date	2017-06-09.09:29:13
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1497000553.71.0.674422330477.issue30610@psf.upfronthosting.co.za>
In-reply-to

Content
What is the first expat version which isn't vulnerable? I guess that this issue only impacts platforms which don't use --with-system-expat. Linux distributions use the system expat library for example. Currently, the Python master branch embeds a copy of expat 2.1.1: Modules/expat/expat.h #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 1 #define XML_MICRO_VERSION 1

Content

What is the first expat version which isn't vulnerable?

I guess that this issue only impacts platforms which don't use --with-system-expat. Linux distributions use the system expat library for example.

Currently, the Python master branch embeds a copy of expat 2.1.1:

Modules/expat/expat.h
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 1
#define XML_MICRO_VERSION 1

History
Date	User	Action	Args
2017-06-09 09:29:13	vstinner	set	recipients: + vstinner, Duy Phan Thanh
2017-06-09 09:29:13	vstinner	set	messageid: <1497000553.71.0.674422330477.issue30610@psf.upfronthosting.co.za>
2017-06-09 09:29:13	vstinner	link	issue30610 messages
2017-06-09 09:29:13	vstinner	create