A heap-based buffer overread vulnerability was found in expat, an XML parsing library.
A specially crafted XML input could fool the parser into changing from DTD
parsing to document parsing too early; a subsequent call to
XML_GetCurrentColumnNumber then resulted in a
heap-based buffer overread.
For Debian 7 Wheezy, these problems have been fixed in version 2.1.0-1+deb7u7.
We recommend that you upgrade your expat packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/