Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
libxml2 to version 2.9.4+dfsg1-2.2+deb9u5 or higher.