[PATCH] [3.10] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexp...
author Stan Ulbrych <stan@python.org>
Wed, 8 Apr 2026 10:27:42 +0000 (11:27 +0100)
committer Arnaud Rebillout <arnaudr@debian.org>
Thu, 14 May 2026 03:00:00 +0000 (10:00 +0700)
commit 9acaad217a16412909beaba50a3d3837a8be09f6
tree 2d12526f2db05c8695ceb78cc729dfe794771c7a
parent 6561de9de1ff5d1dcfcd44acb308a8d0b64bc413
[PATCH] [3.10] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987) (#146002)

* [3.10] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)

Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses an inline DTD
containing a deeply nested content model.

---------
(cherry picked from commit eb0e8be3a7e11b87d198a2c3af1ed0eccf532768)
(cherry picked from commit e5caf45faac74b0ed869e3336420cffd3510ce6e)

Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>

* Update Misc/NEWS.d/next/Security/2026-03-14-17-31-39.gh-issue-145986.ifSSr8.rst

---------

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Origin: backport, https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee

Gbp-Pq: Name CVE-2026-4224.patch
Lib/test/support/__init__.py
Lib/test/test_pyexpat.py
Misc/NEWS.d/next/Security/2026-03-14-17-31-39.gh-issue-145986.ifSSr8.rst [new file with mode: 0644]
Modules/pyexpat.c