KEMBAR78
Upgrade bundled expat to 2.5.0 · Issue #98739 · python/cpython · GitHub
Skip to content

Upgrade bundled expat to 2.5.0 #98739

@scdub

Description

@scdub

Upgrade the bundled libexpat version to 2.5.0 which includes a fix for CVE-2022-43680. I haven't evaluated whether CPython is directly impacted by this CVE, but can confirm that it is detected by binary analysis tools such as Black Duck.

Related libexpat changelog includes additional fixes and details.

Metadata

Metadata

Assignees

Projects

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions