Expat 2.5.0 released, includes security fixes
libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license.
Expat 2.5.0 has been released. Most importantly, this release fixes a heap use-after-free vulnerability after overeager destruction of a shared DTD in out-of-memory situations, with expected impact of denial of service or potentially arbitrary code execution. There are non-security bugfixes and other improvements, too. For more details, please check out the change log.
If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.5.0. Thank you!
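
To find bundled copies that still need the update, the following added example (not code from the Expat project) walks a source tree, reads the `XML_MAJOR_VERSION`, `XML_MINOR_VERSION` and `XML_MICRO_VERSION` macros from every `expat.h` it finds, and flags versions below 2.5.0. It assumes vendored copies keep the upstream header; the directory names and the 2.4.9 sample are constructed for the demo.

```python
import os
import re
import tempfile

FIXED = (2, 5, 0)  # release named on this page as carrying the fix
_MACRO = re.compile(
    r"^\s*#\s*define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)", re.M)

def header_version(text):
    """Return (major, minor, micro) from expat.h contents, or None."""
    found = {name: int(num) for name, num in _MACRO.findall(text)}
    if set(found) != {"MAJOR", "MINOR", "MICRO"}:
        return None
    return (found["MAJOR"], found["MINOR"], found["MICRO"])

def scan_tree(root):
    """Return a sorted list of (path, version, needs_update) per expat.h."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if "expat.h" not in files:
            continue
        path = os.path.join(dirpath, "expat.h")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = header_version(fh.read())
        # Unparsable header: needs_update is None, meaning manual review.
        needs = None if version is None else version < FIXED
        results.append((os.path.relpath(path, root), version, needs))
    return sorted(results)

def _sample_header(major, minor, micro):
    # Constructed stand-in for the version block of a real expat.h.
    return (f"#define XML_MAJOR_VERSION {major}\n"
            f"#define XML_MINOR_VERSION {minor}\n"
            f"#define XML_MICRO_VERSION {micro}\n")

def demo():
    """Scan a constructed tree holding two vendored copies."""
    with tempfile.TemporaryDirectory() as root:
        for sub, ver in ((os.path.join("third_party", "expat", "lib"), (2, 4, 9)),
                         (os.path.join("vendor", "expat"), (2, 5, 0))):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "expat.h"), "w") as fh:
                fh.write(_sample_header(*ver))
        return scan_tree(root)

if __name__ == "__main__":
    for path, version, needs in demo():
        state = "review" if needs is None else "UPDATE" if needs else "ok"
        print(f"{state:7} {version} {path}")
```

A header match only shows which source was vendored; a distribution package may carry backported fixes under an older version number, so confirm flagged copies against the packager's changelog.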