Please upgrade bundled Expat to 2.6.2 (e.g. for the fix to CVE-2024-28757) #116741

Closed
hartwork opened this issue Mar 13, 2024 · 5 comments
Labels
type-bug An unexpected behavior, bug, or error

hartwork commented Mar 13, 2024

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.6.2 (e.g. for the fix to CVE-2024-28757).

The CPython issue for previous 2.6.0 was #115399 and the related merged main pull request was #115431, in case you want to have a look. Comment #115431 (comment) could be of help by raising confidence in the bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12, 3.13, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs

hartwork added the type-bug (An unexpected behavior, bug, or error) label Mar 13, 2024
hartwork changed the title from "Please upgrade bundled Expat to 2.6.2 (e.g. for the fix toCVE-2024-28757)" to "Please upgrade bundled Expat to 2.6.2 (e.g. for the fix to CVE-2024-28757)" Mar 13, 2024
@hartwork
Contributor Author

@sethmlarson any chance we could team up on this once more?

@sethmlarson
Contributor

@hartwork Sorry for not replying, I was gone for the past 2 weeks on vacation. Here's a PR upgrading 2.6.2, please take a look.

@hartwork
Contributor Author

@sethmlarson looks good, thank you! 👍

gpshead pushed a commit that referenced this issue Apr 23, 2024
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Apr 23, 2024
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
gpshead pushed a commit that referenced this issue Apr 23, 2024
gh-116741: Upgrade libexpat to 2.6.2 (GH-117296)

Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
sethmlarson added a commit to sethmlarson/cpython that referenced this issue Apr 23, 2024
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)

Co-authored-by: Seth Michael Larson <[email protected]>
gpshead pushed a commit that referenced this issue Apr 23, 2024
Upgrade libexpat to 2.6.2
(cherry picked from commit c9829ee)
ambv pushed a commit that referenced this issue May 7, 2024
@eli-schwartz
Contributor

Is this fully implemented now?

@gpshead
Member

gpshead commented May 21, 2024

it looks like all of the backports are in. yes.
