Hello everyone!
Expat 2.4.5 with security fixes has been released.
Please note that different people evaluate the impact of security issues
differently: 2 of those 5 vulnerability allow proven code execution not
within Expat but in (some) applications using Expat, and hence they are
"critical" on my personal scale while e.g. Ubuntu considers these two as
"low" and "medium" respectively, only. I have contacted Ubuntu security
about that earlier today but have yet to hear back.
There will be a summary blog post at [1] and the change log is at [2]
with more details already.
If you have patches for Expat that are still required with version
2.4.5, please send them my way. Thank you!
[1] https://blog.hartwork.org/posts/expat-2-4-5-released/
[2] https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes