There are 2 open security issues in bookworm.
2 issues left for the package maintainer to handle:
- CVE-2023-52425 (needs triaging):
  libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
- CVE-2024-50602 (needs triaging):
  An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
You can find information about how to handle these issues in the security team's documentation.