Expat 2.7.3 released, includes security fixes
For readers new to Expat:
libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, specifically C99. It is cross-platform and licensed under the MIT license.
Expat 2.7.3 was released earlier today. The key motivation for cutting a release, and for doing so now, is two regressions introduced by earlier security fixes:
- The original fix for vulnerability CVE-2024-8176 in Expat 2.7.0 turned out to make some malformed documents be reported as well-formed when they should have been rejected with error XML_ERROR_ASYNC_ENTITY.
- The original fix for vulnerability CVE-2025-59375 in Expat 2.7.2 turned out to have portability issues on some non-amd64 architectures (e.g. sparc32).
While neither regression is known to have a security impact, the fixes should be of particular interest to distributors who backported one or both of the original security fixes.
The rest of the release consists of a mix of minor improvements and fixes, particularly in documentation and infrastructure.
Thanks to everyone who contributed to this release of Expat!
For more details about this release, please check out the change log.
If you maintain Expat packaging, a bundled copy of Expat, or a pinned version of Expat, please update to version 2.7.3. Thank you!
Sebastian Pipping
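For packagers who backported the CVE-2024-8176 fix and want to check their build for the XML_ERROR_ASYNC_ENTITY regression mentioned above, here is an added example (not code from this announcement or from libexpat) that probes whatever Expat is bundled with CPython through xml.parsers.expat. The sample document is constructed for illustration and is not claimed to be the specific input that exposed the regression; ASYNC_ENTITY_DOC, BALANCED_DOC and the helper names are this example's own.

```python
"""Regression probe for XML_ERROR_ASYNC_ENTITY, run against the Expat bundled
with CPython (module xml.parsers.expat).

Added example; not code from the announcement or from libexpat itself.
ASYNC_ENTITY_DOC is a constructed sample, not the document that exposed the
2.7.0 regression: the entity opens <a> inside its replacement text while the
matching </a> sits outside the entity, which the XML spec forbids and which
Expat must report as "asynchronous entity".
"""
import xml.parsers.expat as expat
from xml.parsers.expat import errors

# Constructed malformed sample: start tag inside the entity, end tag outside.
ASYNC_ENTITY_DOC = (
    b'<!DOCTYPE doc [\n'
    b'  <!ENTITY e "<a>">\n'
    b']>\n'
    b'<doc>&e;</a></doc>\n'
)

# Constructed well-formed control: the entity's replacement text is balanced.
BALANCED_DOC = (
    b'<!DOCTYPE doc [\n'
    b'  <!ENTITY e "<a>text</a>">\n'
    b']>\n'
    b'<doc>&e;</doc>\n'
)

# Numeric code for "asynchronous entity" (13 in Expat's XML_Error enum),
# looked up from the message string so it does not rely on the literal.
ASYNC_ENTITY_CODE = errors.codes[errors.XML_ERROR_ASYNC_ENTITY]


def parse_result(data: bytes):
    """Parse one complete document with internal entities expanded.

    Returns None when Expat accepts the document as well-formed, otherwise
    the numeric ExpatError code it rejected the document with.
    """
    parser = expat.ParserCreate()
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        return exc.code
    return None


def rejects_async_entity(data: bytes = ASYNC_ENTITY_DOC) -> bool:
    """True when the bundled Expat rejects data with XML_ERROR_ASYNC_ENTITY,
    i.e. it does not show the "false well-formed" behaviour."""
    return parse_result(data) == ASYNC_ENTITY_CODE


def bundled_expat_is_at_least(minimum: tuple) -> bool:
    """Compare the bundled Expat's (major, minor, micro) with minimum, for
    gating on the fixed release (e.g. (2, 7, 3))."""
    return tuple(expat.version_info) >= tuple(minimum)


if __name__ == "__main__":
    print("bundled Expat:", expat.EXPAT_VERSION)
    print("at least 2.7.3:", bundled_expat_is_at_least((2, 7, 3)))
    print("XML_ERROR_ASYNC_ENTITY reported:", rejects_async_entity())
    print("control document accepted:", parse_result(BALANCED_DOC) is None)
```

A backported fix cannot be identified from the version string alone, so the probe reports both the version and the observed behaviour: a build that accepts ASYNC_ENTITY_DOC while still accepting BALANCED_DOC is worth a closer look, regardless of what version_info says.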
Expat 2.7.2 released, includes security fixes
Expat 2.7.2 was released earlier today. The key motivation for cutting a release and doing so now is the fix for vulnerability CVE-2025-59375, which ClusterFuzz/OSS-Fuzz uncovered through their automated, continuous fuzzing: A file of ~250 KiB size was able to make unfixed Expat allocate ~800 MiB of dynamic memory — an "amplification" of factor ~3,300 — that an attacker could leverage to cause remote denial of service.
The rest of the release is the usual mix of improvements and fixes to the two build systems, documentation, infrastructure, as well as addressing warnings from compilers and static analysis tools.
Thanks to everyone who contributed to this release of Expat!
For more details about this release, please check out the change log.
If you maintain Expat packaging, a bundled copy of Expat, or a pinned version of Expat, please update to version 2.7.2. Thank you!
Sebastian Pipping
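The "amplification" figure quoted above (peak dynamic memory divided by input size, about 800 MiB / 250 KiB, i.e. roughly 3,300) can be measured for any input with the Expat bundled in CPython. Here is an added example (not code from this announcement or from libexpat) that does so with tracemalloc; it assumes, as CPython's pyexpat.c does, that the bundled parser is created with a memory suite routed through Python's allocator so that tracemalloc sees Expat's own allocations, and it assumes Python 3.9 or later for tracemalloc.reset_peak(). The trigger file for CVE-2025-59375 is not reproduced here; the input is a constructed, benign document, and the budget factor in exceeds_budget() is an assumed policy value, not an Expat constant.

```python
"""Measure Expat's dynamic-memory amplification for a given input, using the
Expat bundled with CPython (xml.parsers.expat) and tracemalloc.

Added example; not code from the announcement or from libexpat. Assumes
CPython's pyexpat routes Expat's allocations through Python's allocator
(so tracemalloc can see them) and Python 3.9+ (tracemalloc.reset_peak).
The input is a constructed benign document, not the CVE-2025-59375 file.
"""
import tracemalloc
import xml.parsers.expat as expat


def peak_allocation_during_parse(data: bytes) -> int:
    """Peak traced bytes above the baseline while parsing data.

    Malformed input is parsed as far as Expat gets and the resulting
    ExpatError is swallowed, because the allocation cost is what we measure.
    """
    was_tracing = tracemalloc.is_tracing()
    if not was_tracing:
        tracemalloc.start()
    tracemalloc.reset_peak()
    baseline = tracemalloc.get_traced_memory()[0]
    try:
        parser = expat.ParserCreate()
        try:
            parser.Parse(data, True)
        except expat.ExpatError:
            pass
        del parser
        peak = tracemalloc.get_traced_memory()[1]
    finally:
        if not was_tracing:
            tracemalloc.stop()
    return max(peak - baseline, 0)


def amplification_factor(data: bytes) -> float:
    """Peak dynamic memory divided by input size (the announcement's ~3,300
    for the ~250 KiB CVE-2025-59375 file against unfixed Expat)."""
    return peak_allocation_during_parse(data) / len(data)


def make_benign_document(elements: int) -> bytes:
    """Constructed sample input: a flat document of `elements` small items."""
    body = b"".join(b'<item id="%d">value</item>' % i for i in range(elements))
    return b"<root>" + body + b"</root>\n"


def exceeds_budget(data: bytes, max_factor: float = 50.0) -> bool:
    """Triage helper: True if parsing data amplifies memory beyond max_factor.
    The default is an assumed policy value for this example, not Expat's."""
    return amplification_factor(data) > max_factor


if __name__ == "__main__":
    sample = make_benign_document(5000)
    print("input bytes:", len(sample))
    print("peak bytes:", peak_allocation_during_parse(sample))
    print("amplification factor: %.2f" % amplification_factor(sample))
    print("exceeds budget:", exceeds_budget(sample))
```

This measures after the fact, which is fine for triaging a suspicious file or for checking a backported fix against a known trigger, but it does not stop the allocation from happening. A C consumer that wants to enforce a cap does so at allocation time, by creating the parser with XML_ParserCreate_MM and a memory suite whose malloc/realloc refuse requests once a running total exceeds the budget; pyexpat does not expose that hook.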