ActiveState Release of Python 2.7.18.13

What's Changed

• Refactor CVE-2023-27043 patch to support Unicode characters by @ezequielp-activestate in #78
• 2.7.18.13 Release by @ezequielp-activestate in #79

New Contributors

• @ezequielp-activestate made their first contribution in #78

Full Changelog: v2.7.18.12...v2.7.18.13

AS Release 2.7.18.11

What's Changed

• Be 4504 python 2 7 expat update iiii by @rickprice in #66
• Add tests to show that CVE-2024-6232 is okay by @rickprice in #67
• BE-4921 Expat 2.6.4 Vendored into Python2 by @rickprice in #65
• Be 3659 CVE 2007 4559 iiii by @rickprice in #68

Full Changelog: v2.7.18.10...v2.7.18.11

ActivePython Release 3.7.17.5

What's Changed

Security

Upgrade bundled libexpat to 2.6.3 to fix the following CVEs:

• CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

• CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

• CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

• CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

ActiveState Release of Python 2.7.18.10

ActiveState Release of Python 2.7.18.10

What's Changed

Security

• CVE-2024-0397 Fix for the problem, backported from Python3.8 pythongh-114572 by @rickprice in #53
• CVE-2024-7592 Fix quadratic complexity in parsing quoted cookie, backported from Python3.8 pythongh-123067 by @rickprice in #62

Core and Builtins

• Fix Async import problem on Posix by @rickprice in #51
• Add VCRuntime and additional MSVC Redistributables by @icanhasmath in #52 #55 #64

Full Changelog: v2.7.18.9...v2.7.18.10

ActivePython Release 3.7.17.4

What's Changed

• CVE-2024-0397 Fix locking in cert_store_stats and get_ca_certs by @rickprice in #56
• CVE-2024-4032 Fix "private" (non-global) IP address ranges (pythonGH-113179… by @rickprice in #57
• Enable ActiveState build by @icanhasmath in #59

Full Changelog: v3.7.17.3...v3.7.17.4

AS Release v2.7.18.9

ActiveState Release of Python 2.7.18.9

What's Changed

• CVE-2022-45061 by @rickprice in #41
• CVE-2022-48560 by @rickprice in #42
• CVE-2017-18207 by @rickprice in #43
• CVE-2022-48566 by @rickprice in #44
• Support for Tkinter on windows by @MatthewZMD in #46
• Add WSA Error support for socket and async modules on windows by @rickprice in #48
• Redistribute VS runtime DLLs

Full Changelog: v2.7.18.8...v2.7.18.9

AS Release v2.7.18.8

ActiveState release 2.7.18.8

What's Changed

• CVE-2023-24329 by @rickprice in #33
• CVE-2023-40217 by @rickprice in #34
• CVE-2021-4189 by @rickprice in #36
• CVE-2022-48565 by @icanhasmath in #39
• Fix regression in test_signal by @rickprice in #32
• Always include inttypes.h because of pytime.h by @rickprice in #38

Full Changelog: v2.7.18.7...v2.7.18.8

AS Release v3.7.17.3

Release of ActivePython 3.7.17.3

AS Release v3.7.17.2

AS Release v3.7.17.2

AS Release v3.7.17.1

AS Release v3.7.17.1