-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5266-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2022-43680 Debian Bug : 1022743 A heap use-after-free vulnerability after overeager destruction of a shared DTD in the XML_ExternalEntityParserCreate function in Expat, an XML parsing C library, may result in denial of service or potentially the execution of arbitrary code. For the stable distribution (bullseye), this problem has been fixed in version 2.2.10-2+deb11u5. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNehABfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TT5RAAiDBqtdgoagQspAsmWvoT1IJw0fsx2IFA4ynzyAI33nXegNKfDUGmc9wW KVm4APPaFWvy9s4hlA7HeMUdRQRxuW2iL5q3Jnkbjcnm1kISTgxPymt0HFeJWr9T VRSQt0OqUtzzOvNAz2lSd86551EMPa/oS0fvLq/vDTC3mTL1WsoMsouJR+l7potT MtJf43G10AmfLx+XgSsfmHU2Hvf5S2PO7aEmNHic9HW7bwUqm6KF2lZs5Qo4IVyk qQ3eKufLg0HZcOi+QMWxpKYzxOR/tnzYHjLAzTI7yjugBBufcaux1kYnB0ULnDLf Oc+uHXuhttfji4sbEzGB9uWDX+rhtBszcaM/Ww53J8tDy3chnv93pi5em1ABQljr PjFz/+N4g4tsNgdCTvMjT332kPi6W9zFUA/iB21LP4H7xc3stGCVubZW0UVcvOu2 ubCabr/XQBOtlnc4tj/L9UyQW+Rfqe9x1WHkhwTuHMg8/YcqWljv3LwTz1DXfyFF 0vmSlliOr0POP7I0iJvrw647rVBaNEsVPNqFhPu5Ro5jd5y3gt+f763J692JXfTP QJc3PaJz37NCdupga7lPu1W5cSLAYtze5JxqH4XJaKFprpaGfo3OFIDas0Z5yIs8 DxMbjmY9VlpMQ8vKfHYPgoKV+NRv9bKKpBLxYI/o4bq8uA4JgpE= =bLU+ -----END PGP SIGNATURE-----