The fix for this CVE consists of 3 commits (fix in file, test to check for issue and doc update)
(ref: https://github.com/libexpat/libexpat/pull/890/commits)
Out of which you have backported only 2 (fix in file and doc update). The commit for "test to check len<0" is not added in the patch.
Is there any specific reason to exclude it? If not, could you send a v2 incorporating the missing commit too?
BR,