libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | expat | <= 2.5.0-1 | expat_2.5.0-1_all.deb |
Debian | 11 | all | expat | <= 2.2.10-2+deb11u5 | expat_2.2.10-2+deb11u5_all.deb |
Debian | 999 | all | expat | < 2.6.1-2 | expat_2.6.1-2_all.deb |
Debian | 13 | all | expat | < 2.6.1-2 | expat_2.6.1-2_all.deb |