ELA-161-1 expat security update

Heap-based vulnerability

2019-09-06
Package: expat
Version: 2.1.0-1+deb7u7
Related CVE: CVE-2019-15903

A heap-based buffer overread vulnerability was found in expat, an XML parsing library.

A specially crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a subsequent call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer overread.

For Debian 7 Wheezy, this problem has been fixed in version 2.1.0-1+deb7u7.

We recommend that you upgrade your expat packages.
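
To confirm that a host carries the fix, compare its installed version with the fixed version using Debian's ordering rules, not as a plain string (deb7u10 is newer than deb7u7, though it sorts lower as text). The following is an added example, not part of the advisory: a minimal re-implementation of dpkg's version comparison, run over a constructed inventory whose host names and installed versions are hypothetical.

```python
import re
from itertools import zip_longest

FIXED = "2.1.0-1+deb7u7"  # fixed version stated in the advisory

def _order(c):
    # dpkg ordering: '~' sorts before everything, letters before other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_str(a, b):
    # Split into alternating (non-digit, digit) runs and compare run by run
    ta = re.findall(r"([^0-9]*)([0-9]*)", a)
    tb = re.findall(r"([^0-9]*)([0-9]*)", b)
    for (sa, da), (sb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            oa = _order(ca) if ca else 0  # end of run sorts as 0
            ob = _order(cb) if cb else 0
            if oa != ob:
                return -1 if oa < ob else 1
        na, nb = int(da or 0), int(db or 0)  # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':', revision starts at the last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_str(ua, ub) or _cmp_str(ra, rb)

def unfixed(installed, fixed=FIXED):
    """Return the hosts whose installed version is older than the fixed one."""
    return sorted(h for h, v in installed.items() if deb_cmp(v, fixed) < 0)

# Constructed inventory: hypothetical host -> installed expat version
SAMPLE = {"host-a": "2.1.0-1+deb7u6", "host-b": "2.1.0-1+deb7u7",
          "host-c": "2.1.0-1+deb7u10"}

if __name__ == "__main__":
    print("hosts still needing the update:", unfixed(SAMPLE))
```

On a Debian system itself, `dpkg --compare-versions` performs the same comparison.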

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/