Upgrade bundled Expat to 2.7.2 (e.g. for the fix to CVE-2025-59375)Β #138998
Description
Bug report
Bug description:
Hi! π
Please upgrade bundled Expat to 2.7.2 (e.g. for the fix to CVE-2025-59375).
- GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_7_2
- Change log: https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
The CPython issue for previous 2.7.1 was #131809 and the related merged main pull request was #132192, in case you want to have a look. (The Dockerfile from comment #123689 (review) could be of help with raising confidence in a bump pull request when going forward.)
Thanks in advance!
CPython versions tested on:
3.9, 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, CPython main branch
Operating systems tested on:
Linux, macOS, Windows, Other
Linked PRs
- gh-138998: Upgrade vendored expat to 2.7.2Β #138999
- [3.14] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999)Β #139024
- [3.13] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999)Β #139025
- [3.12] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999)Β #139026
- gh-138998:
expat/refresh.sh: Fail if Step 3 is not completedΒ #139049 - [3.10] gh-138998: Upgrade vendored expat to 2.7.2 (#138999)Β #139053
- [3.9] gh-138998: Upgrade vendored expat to 2.7.2 (GH-138999)Β #139055
- [3.11] gh-138998: Upgrade vendored expat to 2.7.2 (#138999)Β #139056