Debian Linux Security Advisory 5085-2 - The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (':' in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters.
d518bc8536e0ddf3fe6cfe3ace97c1a0386a4b855e7af45f346007135b20089d