Ned Deily added the comment: Note that a duplicate of this issue was opened as Issue30610 and @matrixise was working on a PR there to update the embedded expat to 2.2.0. Since there are CVE's and a demo crash supplied in Issue30610, it seems to me we need to fix this for 3.6.2rc1 so I'm making this a "release blocker" and delaying the release. I'm willing to be convinced otherwise. Christian or Victor, can one of you please follow up on this for the 3.6 branch ASAP? Thanks!
---------- nosy: +benjamin.peterson, larry, ned.deily priority: normal -> release blocker _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29591> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
