| Package | expat |
|---|---|
| Version | 2.1.0-6+deb8u10 (jessie), 2.2.0-2+deb9u7 (stretch) |
| Related CVEs | CVE-2022-43680 |
In src:expat, an XML parsing C library, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
For Debian 8 jessie, these problems have been fixed in version 2.1.0-6+deb8u10.
For Debian 9 stretch, these problems have been fixed in version 2.2.0-2+deb9u7.
We recommend that you upgrade your expat packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.