Errata overview
Errata ID 348
Date 2016-12-01
Source package expat
Fixed in version 2.1.0-1.24.201611102054
This update addresses the following issue(s):
* unanticipated internal calls to srand (CVE-2012-6702)
* Multiple integer overflows in the XML_GetBuffer function in Expat
  through 2.1.0 allow remote attackers to cause a denial of service
  (heap-based buffer overflow) or possibly have unspecified other impact
  via crafted XML data (CVE-2015-1283)
* Out-of-bounds heap read on crafted input causing crash or code
  execution (CVE-2016-0718)
* use of too little entropy (CVE-2016-5300)
Additional notes
CVE ID CVE-2012-6702
UCS Bug number #39421