-
libxslt (1.1.28-2ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: Bypass of protection mechanism
- debian/patches/CVE-2019-11068.patch: Fix security
framework bypass checking for returns equal or less
-1 in libxslt/documents.c, libxslt/imports.c,
libxslt/transform.c,libxslt/xslt.c.
- CVE-2019-11068
-- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 14:10:20 -0300
-
libxslt (1.1.28-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: type-confusion leading to denial of service
- debian/patches/0009-CVE-2015-7955.patch: check that the parent
node is an element before dereferencing its namespace
- CVE-2015-7955
* SECURITY UPDATE: out-of-bounds heap memory access
- debian/patches/0010-CVE-2016-1683.patch: special case namespace
nodes in xsltNumberFormatGetMultipleLevel
- CVE-2016-1683
* SECURITY UPDATE: integer overflow
- debian/patches/0011-CVE-2016-1684-1.patch,
debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
bounds for 'i' and 'a' format tokens
- CVE-2016-1684
* SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
- debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
- CVE-2016-1841
* SECURITY UPDATE: heap information leak
- debian/patches/0014-CVE-2016-4738.patch: check for empty
decimal separator.
- CVE-2016-4738
* SECURITY UPDATE: integer overflow in libxslt.
- debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
xsltAddTextString to INT_MAX.
- CVE-2017-5029
* SECURITY UPDATE: double free in hash functions
- 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
remove duplicate free calls
* SECURITY UPDATE: NULL pointer dereference in Saxon
- 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
fix error handling in Saxon extension functions
* SECURITY UPDATE: out-of-bounds heap memory access
- 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
correct type for namespace nodes in exsltDynMapFunction
* SECURITY UPDATE: out-of-bounds heap read memory access
- 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
do not pass namespace "nodes" to xmlGetLineNo
* SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
- 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
make stack buffer larger
* SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
- 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
correct stripping of unwanted characters
-- Steve Beattie <email address hidden> Wed, 26 Apr 2017 16:34:05 -0700
-
libxslt (1.1.28-2build1) trusty; urgency=medium
* Rebuild to drop files installed into /usr/share/pyshared.
-- Matthias Klose <email address hidden> Sun, 23 Feb 2014 13:48:33 +0000
-
libxslt (1.1.28-2) unstable; urgency=low
* debian/patches/000[4-8].patch:
Upstream post release patches.
-- Aron Xu <email address hidden> Thu, 01 Aug 2013 13:55:48 +0800