expat (2.4.7-1) unstable; urgency=medium
 .
   * New upstream release:
     - relax fix to CVE-2022-25236 with regard to all valid URI characters
       (RFC 3986).
expat (2.4.6-1) unstable; urgency=medium
 .
   * New upstream release.
expat (2.4.5-2) unstable; urgency=medium
 .
   * Fix build_model regression (closes: #1006162).
expat (2.4.5-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2022-25235: certain validation of encoding, such as checks
       for whether a UTF-8 character is valid can cause code execution
       (closes: #1005894),
     - fixes CVE-2022-25236: passing namespace separator characters can cause
       code execution (closes: #1005895),
     - fixes CVE-2022-25313: an attacker can trigger stack exhaustion in
       build_model via a large nesting depth in the DTD element,
     - fixes CVE-2022-25314: integer overflow in function copyString() ,
     - fixes CVE-2022-25315: integer overflow in function storeRawNames() .

r-cran-tmb (1.8.0-1) unstable; urgency=medium
 .
   [ Graham Inggs ]
   * Mark r-cran-matrix_compatibility test superficial
 .
   [ Andreas Tille ]
   * New upstream version
   * dh-update-R to update Build-Depends (routine-update)