Debian Linux Security Advisory 5085-2 - The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (':' in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters.
↧
