Skip to content

[security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1 #88560

New issue
New issue
Closed
Closed
[security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1#88560
Labels
3.10only security fixes3.11only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of lifeextension-modulesC modules in the Modules dirtype-securityA security issue
@vstinner

Description

@vstinner
vstinner
opened on Jun 11, 2021
BPO 44394
Nosy @scoder, @vstinner, @ned-deily, @ambv, @hartwork, @pablogsal, @miss-islington
PRs
  • bpo-44394: Update libexpat copy to 2.4.1 #26945
  • [3.10] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) #28031
  • [3.9] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) #28032
  • [3.8] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) #28033
  • [3.7] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) #28042
  • [3.6] bpo-44394: Update libexpat copy to 2.4.1 (GH-26945) (GH-28042) #28080
  • bpo-44394: Ensure libexpat is linked against libm #28617
  • [3.9] bpo-44394: Ensure libexpat is linked against libm (GH-28617) #28619
  • [3.8] bpo-44394: Ensure libexpat is linked against libm (GH-28617) #28620
  • [3.10] bpo-44394: Ensure libexpat is linked against libm (GH-28617) #28621
  • bpo-44394: [typo] s/libexpact/libexpat/ in setup.py #28624
  • [3.9] bpo-44394: [typo] s/libexpact/libexpat/ in setup.py (GH-28624) #28627
    		•
    Files
  • cpython_rebuild_expat_dir.sh
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2021-08-31.07:05:24.142>
created_at = <Date 2021-06-11.14:14:07.254>
labels = ['type-security', '3.8', '3.9', '3.10', '3.11', 'extension-modules', '3.7']
title = '[security] CVE-2013-0340 "Billion Laughs" fixed in Expat >=2.4.0: Update vendored copy to expat 2.4.1'
updated_at = <Date 2022-01-01.17:11:10.030>
user = 'https://github.com/vstinner'

    bugs.python.org fields:

    activity = <Date 2022-01-01.17:11:10.030>
actor = 'gvanrossum'
assignee = 'none'
closed = True
closed_date = <Date 2021-08-31.07:05:24.142>
closer = 'ned.deily'
components = ['Extension Modules']
creation = <Date 2021-06-11.14:14:07.254>
creator = 'vstinner'
dependencies = []
files = ['50129']
hgrepos = []
issue_num = 44394
keywords = ['patch']
message_count = 20.0
messages = ['395634', '395642', '395649', '396688', '400534', '400537', '400538', '400539', '400547', '400601', '400691', '400694', '400695', '402783', '402797', '402869', '402872', '402875', '402880', '409459']
nosy_count = 7.0
nosy_names = ['scoder', 'vstinner', 'ned.deily', 'lukasz.langa', 'sping', 'pablogsal', 'miss-islington']
pr_nums = ['26945', '28031', '28032', '28033', '28042', '28080', '28617', '28619', '28620', '28621', '28624', '28627']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue44394'
versions = ['Python 3.6', 'Python 3.7', 'Python 3.8', 'Python 3.9', 'Python 3.10', 'Python 3.11']

    Metadata

    Metadata

    Assignees

    No one assigned

      Labels

      3.10only security fixes3.11only security fixes3.7 (EOL)end of life3.8 (EOL)end of life3.9 (EOL)end of lifeextension-modulesC modules in the Modules dirtype-securityA security issue

      Projects

      No projects

      Milestone

      No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions