Updated expat packages has been released for Debian 7 LTS
Package : expatExpat security update for Debian 7 LTS
Version : 2.1.0-1+deb7u5
CVE ID : CVE-2017-9233
It was discovered that there was an infinite loop vulnerability in expat, a XML
parsing C library:
https://libexpat.github.io/doc/cve-2017-9233/
For Debian 7 "Wheezy", this issue has been fixed in expat version
2.1.0-1+deb7u5.
We recommend that you upgrade your expat packages.