libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libexpat1-dev": "2.4.7-1ubuntu0.3", "expat": "2.4.7-1ubuntu0.3", "expat-dbgsym": "2.4.7-1ubuntu0.3", "libexpat1": "2.4.7-1ubuntu0.3", "libexpat1-dbgsym": "2.4.7-1ubuntu0.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libexpat1-dev": "2.6.1-2build1", "expat": "2.6.1-2build1", "expat-dbgsym": "2.6.1-2build1", "libexpat1": "2.6.1-2build1", "libexpat1-dbgsym": "2.6.1-2build1" } ] }