Releases · ActiveState/cpython

19 Sep 19:45

i-shenl

ActivePython Release 3.7.17.5 Latest

Latest

What's Changed

Upgrade bundled libexpat to 2.6.3 to fix the following CVEs:

CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Assets 2

06 Sep 16:22

icanhasmath

CVE-2024-0397 Fix for the problem, backported from Python3.8 pythongh-114572 by @rickprice in #53
CVE-2024-7592 Fix quadratic complexity in parsing quoted cookie, backported from Python3.8 pythongh-123067 by @rickprice in #62

Fix Async import problem on Posix by @rickprice in #51
Add VCRuntime and additional MSVC Redistributables by @icanhasmath in #52 #55 #64

Full Changelog: v2.7.18.9...v2.7.18.10

rickprice and icanhasmath

Assets 2

23 Jul 04:34

icanhasmath

ActivePython Release 3.7.17.4

CVE-2024-0397 Fix locking in cert_store_stats and get_ca_certs by @rickprice in #56
CVE-2024-4032 Fix "private" (non-global) IP address ranges (pythonGH-113179… by @rickprice in #57
Enable ActiveState build by @icanhasmath in #59

Full Changelog: v3.7.17.3...v3.7.17.4