We take a patch from Debian, apparently written by the Expat maintainer [0], to fix two recently disclosed bugs. Your review is requested.
[0] The commit hash in the patch doesn't seem to exist anywhere on the internet besides the Debian servers. It doesn't exist in the Expat Git repo. Leo Famulari (1): gnu: expat: Fix CVE-2012-6702 and CVE-2016-5300. gnu/local.mk | 1 + .../expat-CVE-2012-6702-and-CVE-2016-5300.patch | 142 +++++++++++++++++++++ gnu/packages/xml.scm | 3 +- 3 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch -- 2.8.3
