STINNER Victor added the comment: What is the first expat version which isn't vulnerable?
I guess that this issue only impacts platforms which don't use --with-system-expat. Linux distributions use the system expat library for example. Currently, the Python master branch embeds a copy of expat 2.1.1: Modules/expat/expat.h #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 1 #define XML_MICRO_VERSION 1 ---------- nosy: +haypo _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30610> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
