{"id":"CLSA-2026-1767798754","summary":"expat: Fix of 3 CVEs","details":"- Rebase to version 2.5.0\n- CVE-2024-28757: prevent billion laughs attacks in isolated external parser\n  (part of #839), reject direct parameter entity recursion (part of #839)\n- CVE-2025-59375: fix memory amplification and add allocation tracker\n- CVE-2013-0340: properly handle entities expansion","modified":"2026-05-27T11:34:06.195988483Z","published":"2026-01-07T15:12:38Z","upstream":["CVE-2013-0340","CVE-2024-28757","CVE-2025-59375"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos-stream8els/CLSA-2026-1767798754.html"}],"affected":[{"package":{"name":"expat","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/expat?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1767798754.json"}},{"package":{"name":"expat-devel","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/expat-devel?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1767798754.json"}},{"package":{"name":"expat-static","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/expat-static?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.0-1.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1767798754.json"}}],"schema_version":"1.7.5"}