5 matches found
CLSA-2026-1776440644 expat: Fix of 4 CVEs
CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...
CLSA-2026-1767799061 expat: Fix of 3 CVEs
Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser part of 839, reject direct parameter entity recursion part of 839 - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion...
CLSA-2026-1767798754 expat: Fix of 3 CVEs
Rebase to version 2.5.0 - CVE-2024-28757: prevent billion laughs attacks in isolated external parser part of 839, reject direct parameter entity recursion part of 839 - CVE-2025-59375: fix memory amplification and add allocation tracker - CVE-2013-0340: properly handle entities expansion...
CLSA-2025-1741291038 expat: Fix of CVE-2024-28757
CVE-2024-28757: Prevent billion laughs attacks in isolated external parser part of 839; reject direct parameter entity recursion part of 839...
AZL-35841 CVE-2024-28757 affecting package expat for versions less than 2.6.2-2
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate...