Update expat to 2.2.0
Expat 2.2.0 (released on 2016-06-21) includes security & other bug fixes as described in its changelog.
Security fixes
-
CVE-2016-0718
- Fix crash on malformed input
- CVE-2016-4472
-
CVE-2016-5300
- Use more entropy for hash initialization than the original fix to CVE-2012-0876
-
CVE-2012-6702
- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876
Bug fixes
- Fix uninitialized reads of size 1 (e.g. in little2_updatePosition)
- Fix detection of UTF-8 character boundaries