Debian LTS Advisory DLA-2904-1                [email protected]
https://www.debian.org/lts/security/                      Markus Koschany
January 30, 2022                              https://wiki.debian.org/LTS

Package        : expat
Version        : 2.2.0-2+deb9u4
CVE ID         : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 
                 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
                 CVE-2022-23852 CVE-2022-23990
Debian Bug     : 1002994 1003474

Multiple security vulnerabilities have been discovered in Expat, the XML
parsing C library. Integer overflows or invalid shifts may lead to a denial
of service or other unspecified impact.

For Debian 9 stretch, these problems have been fixed in version

We recommend that you upgrade your expat packages.

For the detailed security status of expat please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS