Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602) #126623

Closed
hartwork opened this issue Nov 9, 2024 · 5 comments
Closed

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602) #126623

hartwork opened this issue Nov 9, 2024 · 5 comments
Assignees
@sethmlarson
Labels
3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes extension-modules C modules in the Modules dir topic-XML type-security A security issue

Comments

@hartwork
Copy link
Contributor

hartwork commented Nov 9, 2024
edited by bedevere-app bot
Loading

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.6.4 (e.g. for the fix to CVE-2024-50602).

The CPython issue for previous 2.6.3 was #123678 and the related merged main pull request was #123689, in case you want to have a look. The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.9, 3.10, 3.11, 3.12, 3.13, 3.14, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs
@hartwork hartwork added the type-bug An unexpected behavior, bug, or error label Nov 9, 2024
@hugovk hugovk added the type-security A security issue label Nov 9, 2024
@hartwork hartwork mentioned this issue Nov 9, 2024
Closed
27 tasks
@ZeroIntensity ZeroIntensity added 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes labels Nov 9, 2024
@ZeroIntensity
Copy link
Member

cc @sethmlarson

@picnixz picnixz mentioned this issue Nov 9, 2024
Closed
@picnixz picnixz added extension-modules C modules in the Modules dir topic-XML and removed type-bug An unexpected behavior, bug, or error labels Nov 9, 2024
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Merged
gpshead pushed a commit that referenced this issue Nov 13, 2024
@sethmlarson
gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-1…
3c99969 
…26792)

Update libexpat to 2.6.4, make future updates easier.
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Nov 13, 2024
@sethmlarson @miss-islington
pythongh-126623: Update libexpat to 2.6.4, make future updates easier (
66d95bb 
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Nov 13, 2024
@sethmlarson @miss-islington
pythongh-126623: Update libexpat to 2.6.4, make future updates easier (
a16c365 
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
This was referenced Nov 13, 2024
Merged
Merged
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.11] pythongh-126623: Update libexpat to 2.6.4, make future updates…
fbff1ae 
… easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Merged
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.10] pythongh-126623: Update libexpat to 2.6.4, make future updates…
f2949e2 
… easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Merged
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.9] pythongh-126623: Update libexpat to 2.6.4, make future updates …
a60574e 
…easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
@bedevere-app bedevere-app bot mentioned this issue Nov 13, 2024
Merged
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Nov 13, 2024
@sethmlarson
[3.8] pythongh-126623: Update libexpat to 2.6.4, make future updates …
7d48f06 
…easier (pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
gpshead pushed a commit that referenced this issue Nov 13, 2024
@miss-islington @sethmlarson
[3.12] gh-126623: Update libexpat to 2.6.4, make future updates easier (
9e86d21 
GH-126792) (GH-126797)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
gpshead pushed a commit that referenced this issue Nov 13, 2024
@miss-islington @sethmlarson
[3.13] gh-126623: Update libexpat to 2.6.4, make future updates easier (
1d6ba84 
GH-126792) (GH-126796)

gh-126623: Update libexpat to 2.6.4, make future updates easier (GH-126792)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)

Co-authored-by: Seth Michael Larson <[email protected]>
@github-actions github-actions bot mentioned this issue Dec 1, 2024
Closed
ambv pushed a commit that referenced this issue Dec 2, 2024
@sethmlarson
[3.10] gh-126623: Update libexpat to 2.6.4, make future updates easier (
b3a6042 
GH-126792) (GH-126799)

(cherry picked from commit 3c99969)
ambv pushed a commit that referenced this issue Dec 2, 2024
@sethmlarson
[3.9] gh-126623: Update libexpat to 2.6.4, make future updates easier (
6b8f442 
…GH-126792) (GH-126800)

(cherry picked from commit 3c99969)
ambv pushed a commit that referenced this issue Dec 3, 2024
@sethmlarson
[3.11] gh-126623: Update libexpat to 2.6.4, make future updates easier (
2e161e2 
GH-126792) (GH-126798)

Update libexpat to 2.6.4, make future updates easier.
(cherry picked from commit 3c99969)
@ambv
Copy link
Contributor

ambv commented Dec 3, 2024

Releases with the fix have gone out today. Thanks! ✨ 🍰 ✨

@ambv ambv closed this as completed Dec 3, 2024
@sparrowt sparrowt mentioned this issue Dec 5, 2024
Merged
picnixz pushed a commit to picnixz/cpython that referenced this issue Dec 8, 2024
@sethmlarson @picnixz
pythongh-126623: Update libexpat to 2.6.4, make future updates easier (
115a7b3 
…pythonGH-126792)

Update libexpat to 2.6.4, make future updates easier.
07026 added a commit to 07026/skills-copilot-codespaces-vscode that referenced this issue Dec 15, 2024
@07026
Create Pth
9486c15 
python/cpython#126623 (comment)
@bjjc09
Copy link

bjjc09 commented Dec 18, 2024

Ok

@skomar77

This comment was marked as spam.

Sign in to view
@skomar77

This comment was marked as spam.

Sign in to view
@python python locked as spam and limited conversation to collaborators Dec 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sethmlarson sethmlarson

Labels
3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes 3.13 bugs and security fixes 3.14 new features, bugs and security fixes extension-modules C modules in the Modules dir topic-XML type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@ambv @hugovk @hartwork @picnixz @sethmlarson @ZeroIntensity @bjjc09 @skomar77