[3.13] expat : Backport expat version from edge to alpine 3.13
expat fixed CVE-2013-0340/CWE-776 on May 23 2021 and released new version 2.4.0. https://github.com/libexpat/libexpat/blob/R_2_4_0/expat/Changes
alpine 3.14 & edge has fixed version 2.4.1-r0. Is it possible to have this version backported to alpine 3.13? Currently we have been not able to take alpine 3.14 due to following note in release notes of alpine 3.14
The faccessat2 syscall has been enabled in musl. This can result in issues on docker hosts with older versions of docker (<20.10.0) and libseccomp (<2.4.4), which blocks this syscall.
This would need a major upgrade and need lot of changes to build systems and our services. In the meantime, we would want the security vulnerabilities fixed on existing system.
Thanks, Nagasudhan