Merge updates from debian/buster-security
requested to merge wip/ritesh/merge-buster-updates.apertis/v2020-security into apertis/v2020-security
xerces-c (3.2.2+debian-1+deb10u1) buster-security; urgency=high
- Non-maintainer upload.
- CVE-2018-1311 mitigation: fix use-after-free vulnerability when processing external DTD, at the expense of a memory leak. Users may mitigate both by setting the XERCES_DISABLE_DTD environment variable.