oss-sec mailing list archives

Re: libexpat 2.7.5 fixes three vulnerabilities (2x null deref, 1x infinite loop)


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 17 Mar 2026 14:12:34 -0700

On 3/17/26 13:48, Sebastian Pipping wrote:
> Hello oss-security,
>
> just a quick note that libexpat 2.7.5 (or "Expat 2.7.5") released
> today is fixing three vulnerabilities.
>
> Some key links are:
>
> - The blog post about it:
>    https://blog.hartwork.org/posts/expat-2-7-5-released/

I note the blog post also reminds us:

  "So much for the fixed vulnerabilities. There are also three known unfixed
   security issues remaining in libexpat, and there is a GitHub issue listing
   known unfixed security issues in libexpat for anyone interested."

with a link to https://github.com/libexpat/libexpat/issues/1160 inline.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

