Please upgrade bundled Expat to 2.6.3 (e.g. for the fixes to CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492) #123678
Description
Bug report
Bug description:
Hi! 👋
Please upgrade bundled Expat to 2.6.3 (e.g. for the fixes to CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492).
- GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_6_3
- Change log: https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
The CPython issue for previous 2.6.2 was #116741 and the related merged main pull request was #117296, in case you want to have a look. The Dockerfile from comment #117296 (review) could be of help with raising confidence in a bump pull request when going forward.
Thanks in advance!
CPython versions tested on:
3.8, 3.9, 3.10, 3.11, 3.12, 3.13, CPython main branch
Operating systems tested on:
Linux, macOS, Windows, Other
Linked PRs
- gh-123678: Upgrade libexpat 2.6.3 #123689
- [3.13] gh-123678: Upgrade libexpat 2.6.3 #123705
- [3.12] gh-123678: Upgrade libexpat 2.6.3 #123706
- [3.13] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) #123707
- [3.12] gh-123678: Upgrade libexpat 2.6.3 (GH-123689) #123708
- [3.11] gh-123678: Upgrade libexpat 2.6.3 #123709
- [3.10] gh-123678: Upgrade libexpat 2.6.3 #123710
- [3.9] gh-123678: Upgrade libexpat 2.6.3 #123711
- [3.8] gh-123678: Upgrade libexpat 2.6.3 #123712