An arbitrary file reads from malformed XML payload vulnerbility was
discovered in owslib, the Python client library for Open Geospatial (OGC)
web services. This issue has been addressed by always using lxml as the
XML parser with entity resolution disabled.
For the oldstable distribution (bullseye), this problem has been fixed
in version 0.23.0-1+deb11u1.
We recommend that you upgrade your owslib packages.