Expat 2.7.5 released, includes security fixes

To: sebastian%pipping.org@localhost
Subject: Expat 2.7.5 released, includes security fixes
From: Sebastian Pipping <sebastian%pipping.org@localhost>
Date: Tue, 17 Mar 2026 22:21:36 +0100

Hello everyone!


(I know that some of you have already updated — thanks!)

Expat 2.7.5 has been released earlier today, and it brings
three security fixes:

  CVE-2026-32776 — NULL pointer dereference (CWE-476)
  CVE-2026-32777 — infinite loop (CWE-835)
  CVE-2026-32778 — NULL pointer dereference (CWE-476)

As usual, the change log has more information and is available at
https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes .

There is also a blog-post version of this from as slightly different
angle: https://blog.hartwork.org/posts/expat-2-7-5-released/ .

If you have patches for Expat that are still required with version
2.7.5, please send them my way so we can get them included with a future
release. Thank you!

Best



Sebastian

Prev by Date: Re: Debugging a go build
Previous by Thread: Debugging a go build
Indexes:

Home | Main Index | Thread Index | Old Index