Expat 2.7.2 released, includes security fixes

To: sebastian%pipping.org@localhost
Subject: Expat 2.7.2 released, includes security fixes
From: Sebastian Pipping <sebastian%pipping.org@localhost>
Date: Tue, 16 Sep 2025 21:30:10 +0200

Hello everyone!


(I know that some of you have already updated — thanks!)

Expat 2.7.2 has been released earlier today.

The most interesting part is the fix to vulnerability CVE-2025-59375.

I will publish the fuzzing payload file that uncovered the issue
shortly after this e-mail at
https://github.com/libexpat/libexpat/issues/1018 .  It can also be
passed to Expat's xmlwf CLI to tell vulnerable and fixed apart
as needed.

As usual, the change log with more information is at
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes

If you have patches for Expat that are still required with version
2.7.2, please send them my way so we can get them included with a future
release. Thank you!

Best



Sebastian

Prev by Date: Re: How to patch for: #include <bits/wordsize.h>
Next by Date: XFCE4 xscreensaver integration
Previous by Thread: clamav on i386?
Next by Thread: XFCE4 xscreensaver integration
Indexes:

Home | Main Index | Thread Index | Old Index