DSA-2525 expat - several vulnerabilities

It was discovered that Expat, a C library to parse XML, is vulnerable
to denial of service through hash collisions and a memory leak in
pool handling.