Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
For the oldstable distribution (buster), these problems have been fixed
in version 2.2.6-2+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.
We recommend that you upgrade your expat packages.