STINNER Victor added the comment:
Expat 2.2.3 was released:
Release 2.2.3 Wed August 2 2017
Security fixes:
#82 CVE-2017-11742 -- Windows: Fix DLL hijacking vulnerability
using Steve Holme's LoadLibrary wrapper for/of cURL
Bug fixes:
STINNER Victor added the comment:
About the 3 security fixes (is the last change a security fix?).
"""
#43 Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
commit ff0207e6076e9828e5
STINNER Victor added the comment:
> #51 Address lack of stdint.h in Visual Studio 2003 to 2008
FYI this change only impacts Python 2.7, since Python 3.3 and newer requires
Visual Studio 2010 or newer, and I already backported (cherry-picked) this
specific commit in Python 2.7:
https://github.
New submission from STINNER Victor:
libexpat released a new version 2.2.2 which seems to contain 2 or 3 security
fixes. I'm not sure that Python is affected by these bugs.
https://github.com/libexpat/libexpat/blob/R_2_2_2/expat/Changes#L5
Release 2.2.2 Wed July 12 2017
Security fixes:
