A heap use-after-free vulnerability after overeager destruction of a
shared DTD in the XML_ExternalEntityParserCreate function in Expat, an
XML parsing C library, may result in denial of service or potentially
the execution of arbitrary code.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your expat packages.