libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Bugs https://github.com/libexpat/libexpat/issues/839 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065868 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 Notes Author| Note —|— sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) insighttoolkit uses system expat as of 4.12.1-dfsg1 mdeslaur | apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expat firefox uses system…Read More