Package        : expat
Version        : 2.1.0-6+deb8u6
CVE IDs        : CVE-2019-15903
Debian Bug     : #939394

It was discovered that there was a heap-based buffer overread
vulnerability in expat, an XML parsing library.

A specially-crafted XML input could fool the parser into changing
from DTD parsing to document parsing too early; a consecutive call to
XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then
resulted in a heap-based buffer overread.

For Debian 8 "Jessie", this issue has been fixed in expat version

We recommend that you upgrade your expat packages.


- -- 
     : :'  :     Chris Lamb
     `. `'`      [email protected] /