New submission from Duy Phan Thanh:
Python's libexpat library is outdated and vulnerable to CVE-2016-0718
https://sourceforge.net/p/expat/bugs/537/
which can cause remote code execution through malicious XML files. The attached
POC crashed both Python 2.7 and Python 3.5 on my Windows ma
Changes by Duy Phan Thanh:
--
title: libexpat vulnerable to CVE-2016-0718 -> Python's libexpat vulnerable to
CVE-2016-0718
___
Python tracker
<http://bugs.python.org
Duy Phan Thanh added the comment:
According to their changelog here:
https://github.com/libexpat/libexpat/blob/master/expat/Changes
the vulnerability was fixed in expat 2.2.0, and yes, it does not affect systems
that use --with-system-expat.
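
A check an administrator could run on each interpreter to see which expat it actually loads, compared against the 2.2.0 fix release named in the comment above. This is an added example, not part of the original thread or of CPython; the function names are hypothetical, and reading `CONFIG_ARGS` to spot `--with-system-expat` is a best-effort assumption that returns unknown on builds that do not record configure arguments (for example Windows).

```python
import re
import sysconfig
from xml.parsers import expat

# First expat release carrying the fix, per the Changes file cited in the thread.
FIXED_IN = (2, 2, 0)


def parse_expat_version(text):
    """Turn 'expat_2.1.0' (the EXPAT_VERSION format) into (2, 1, 0)."""
    m = re.fullmatch(r"(?:expat_)?(\d+)\.(\d+)\.(\d+)", text.strip())
    if m is None:
        raise ValueError("unrecognised expat version string: %r" % text)
    return tuple(int(part) for part in m.groups())


def has_fix(version):
    """Numeric tuple comparison, so 2.10.0 sorts after 2.2.0 (string compare would not)."""
    return tuple(version) >= FIXED_IN


def uses_system_expat():
    """True/False from the recorded configure arguments, None when they are unavailable."""
    args = sysconfig.get_config_var("CONFIG_ARGS")
    if not args:
        return None
    return "--with-system-expat" in args


def report():
    """Describe the expat library this interpreter has loaded."""
    version = parse_expat_version(expat.EXPAT_VERSION)
    return {
        "expat_version": version,
        "has_fix": has_fix(version),
        "system_expat": uses_system_expat(),
    }


if __name__ == "__main__":
    info = report()
    print("expat %d.%d.%d" % info["expat_version"])
    print("at or past 2.2.0:", info["has_fix"])
    print("built --with-system-expat:", info["system_expat"])
    # Caveat: a distribution may backport the fix without changing the version
    # number, so has_fix == False on a system-expat build calls for checking
    # the distribution's advisory rather than being conclusive.
```
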