It was found that original fix for CVE-2012-0876 used too little entropy for the hash intilization. CVE assignment: http://seclists.org/oss-sec/2016/q2/473
Created compat-expat1 tracking bugs for this issue: Affects: fedora-all [bug 1343087]
Created expat tracking bugs for this issue: Affects: fedora-all [bug 1343086]
Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 1343088] Affects: epel-7 [bug 1343090]
Created expat21 tracking bugs for this issue: Affects: epel-all [bug 1343089]
Created attachment 1165210 [details] Proposed upstream patch