Please upgrade bundled Expat to 2.6.3 (e.g. for the fixes to CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492)

[hartwork]

Bug report

Bug description:

Hi! :wave:

Please upgrade bundled Expat to 2.6.3 (e.g. for the fixes to CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492).

• GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_6_3
• Change log: https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

The CPython issue for previous 2.6.2 was #116741 and the related merged main pull request was #117296, in case you want to have a look. The Dockerfile from comment https://github.com/python/cpython/pull/117296#pullrequestreview-1964486079 could be of help with raising confidence in a bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12, 3.13, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs

• gh-123689
• gh-123705
• gh-123706
• gh-123707
• gh-123708
• gh-123709
• gh-123710
• gh-123711
• gh-123712

[sobolevn]

cc @sethmlarson

[sethmlarson]

Thanks for the ping @sobolevn, I'll work with release managers to get this update out.

[sethmlarson]

I've created a PR, please take a look: https://github.com/python/cpython/pull/123689

[sethmlarson]

All pull requests have been merged