xerces-c (3.1.3+debian-2.1) unstable; urgency=medium

  In addition to the fix for CVE-2016-4463 this update enables applications to
  fully disable DTD processing through the use of an environment variable.
  .
  XERCES_DISABLE_DTD set to "1" will cause the scanner to report a fatal error
  if a DTD is seen. Existing applications won't see any change.

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 28 Jun 2016 16:50:55 +0200