Hello Laszlo, I see that the commit https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea is present in the branches corresponding to the expat version >=2.4.3. At the same time, I see that Debian reported the issue fixed in https://security-tracker.debian.org/tracker/CVE-2021-45960, in the versions 2.2.0-2+deb9u5, 2.2.6-2+deb10u3 and 2.2.10-2+deb11u2. I’m having a hard time seeing how the fix was ported to earlier versions of expat. Could you please point me to where those fixes were ported? Thank you,
Carlos Rodriguez-Fernandez Principal Software Engineer www.healthtrio.com
