Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your expat packages.