bpo-30610: [Security] Python's libexpat vulnerable to CVE-2016-0718 by matrixise · Pull Request #2021 · python/cpython
For the update of this library, just clone the repository and use the tag R_2_2_0.
This tag contains the fix for CVE-2016-0718.
Now, there are no experts (in https://github.com/python/devguide/blob/master/experts.rst#stdlib) for the xml.parsers.expat module, and in this case, I am not sure about this update, but all the tests passed.
git clone https://github.com/libexpat/libexpat
cd libexpat
git checkout R_2_2_0
cp expat/lib/*.{c,h} ~/cpython/Modules/expat/
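
A check a reviewer could run after the copy step above, as an added example that is not part of the original pull request or of either project: it compares every .c and .h file in the upstream checkout's expat/lib directory with the vendored directory and lists files that are missing, differ, or exist only in the vendored tree. The helper name check_vendored and its two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: compare vendored Expat sources with an upstream checkout.
# check_vendored is a hypothetical helper; the caller supplies both paths.

check_vendored() {
    upstream_lib=$1   # e.g. libexpat/expat/lib checked out at tag R_2_2_0
    vendored=$2       # e.g. ~/cpython/Modules/expat
    status=0

    # Every upstream source file must exist in the vendored tree, byte for byte.
    for src in "$upstream_lib"/*.c "$upstream_lib"/*.h; do
        [ -f "$src" ] || continue          # glob matched nothing
        name=$(basename "$src")
        if [ ! -f "$vendored/$name" ]; then
            echo "MISSING  $name"
            status=1
        elif ! cmp -s "$src" "$vendored/$name"; then
            echo "DIFFERS  $name"
            status=1
        fi
    done

    # Files present only in the vendored tree (local additions, or stale
    # files that upstream removed) are listed but do not fail the check.
    for dst in "$vendored"/*.c "$vendored"/*.h; do
        [ -f "$dst" ] || continue
        name=$(basename "$dst")
        [ -f "$upstream_lib/$name" ] || echo "EXTRA    $name"
    done

    return $status
}
```

A non-zero return means at least one upstream file is missing or modified in the vendored copy; each reported name is a file to inspect with diff before merging.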