It was discovered that there was a heap-based buffer overread
vulnerability in expat, an XML parsing library.
A specially-crafted XML input could fool the parser into changing
from DTD parsing to document parsing too early; a consecutive call to
XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then
resulted in a heap-based buffer overread.
For Debian 8 "Jessie", this issue has been fixed in expat version
We recommend that you upgrade your expat packages.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
Version : 2.1.0-6+deb8u6
CVE IDs : CVE-2019-15903