ActivePython Release 3.7.17.5

@i-shenl i-shenl released this 19 Sep 19:45
· 4383 commits to 2.7 since this release

What's Changed

Security

Upgrade bundled libexpat to 2.6.3 to fix the following CVEs:

  • CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

  • CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

  • CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
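
To confirm which expat an interpreter actually loads, the following added example (not part of the ActivePython release or its tooling) reads pyexpat.EXPAT_VERSION and reports which of the CVEs listed above still apply, using only the version bounds and the UINT_MAX == SIZE_MAX condition stated in these notes. The names ADVISORIES, parse_expat_version, uint_max_equals_size_max and open_cves are made up for this example.

```python
import ctypes
import re
import pyexpat

# (CVE id, bound kind, version bound, applies only where UINT_MAX == SIZE_MAX),
# transcribed from the release notes above.
ADVISORIES = [
    ("CVE-2024-28757", "through", (2, 6, 1), False),
    ("CVE-2024-45490", "before", (2, 6, 3), False),
    ("CVE-2024-45491", "before", (2, 6, 3), True),
    ("CVE-2024-45492", "before", (2, 6, 3), True),
]


def parse_expat_version(text):
    """Turn a pyexpat.EXPAT_VERSION string such as 'expat_2.6.3' into (2, 6, 3)."""
    match = re.fullmatch(r"expat_(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError("unrecognised expat version string: %r" % text)
    return tuple(int(part) for part in match.groups())


def uint_max_equals_size_max():
    """True where unsigned int and size_t have the same width."""
    return ctypes.sizeof(ctypes.c_uint) == ctypes.sizeof(ctypes.c_size_t)


def open_cves(version_text, narrow_size_t):
    """List the CVEs from the release notes that still apply to this expat build."""
    version = parse_expat_version(version_text)
    found = []
    for cve, kind, bound, needs_narrow in ADVISORIES:
        # "through X" includes X itself; "before X" does not.
        affected = version <= bound if kind == "through" else version < bound
        if affected and (narrow_size_t or not needs_narrow):
            found.append(cve)
    return found


if __name__ == "__main__":
    remaining = open_cves(pyexpat.EXPAT_VERSION, uint_max_equals_size_max())
    print(pyexpat.EXPAT_VERSION, "->", remaining or "none of the listed CVEs apply")
```

A version string cannot see vendor-backported patches, so a build that reports an older expat may already carry the fixes; treat a non-empty result as a prompt to check the vendor's changelog.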