textproc/expat2: address two CVEs reported by upstream

PR: 210155
Reported by: Sebastian Pipping <sebastian@pipping.org>
Approved by: ports-secteam (with hat)
Security: CVE-2012-6702
Security: CVE-2016-5300
Security: https://vuxml.FreeBSD.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
MFH: 2016Q2