Package: tinyxml / 2.6.2-7

Metadata

Package: tinyxml
Version: 2.6.2-7
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
enforce use stl.patch

tinyxml.h | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 tinyxml is built with TIXML_USE_STL, so we have to
 enforce it when the library is used.

entity encoding.patch

tinyxml.cpp | 25 1 + 24 - 0 !
xmltest.cpp | 10 10 + 0 - 0 !
2 files changed, 11 insertions(+), 24 deletions(-)

 tinyxml incorrectly encodes text elements containing an ampersand followed by either x or #.

CVE 2021 42260.patch

tinyxmlparser.cpp | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 In stamp always advance the pointer if *p= 0xef

 The current implementation only advanced if 0xef is followed
 by two non-zero bytes. In case of malformed input (0xef should be
 the start byte of a three-byte character) this leads to an infinite
 loop. (CVE-2021-42260)

CVE 2023 34194.patch

tinyxmlparser.cpp | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 Avoid reachable assertion via crafted XML document with a '\0'
 located after whitespace

Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
Bug-Debian: https://bugs.debian.org/1059315
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462