libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). https://github.com/libexpat/libexpat/issues/839 https://github.com/libexpat/libexpat/pull/842
Created expat tracking bugs for this issue: Affects: fedora-all [bug 2268767]
Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 2268768]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1530 https://access.redhat.com/errata/RHSA-2024:1530
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3926 https://access.redhat.com/errata/RHSA-2024:3926