Publishing details


libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions, tests/exslt/, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

 -- Steve Beattie <email address hidden>  Thu, 27 Apr 2017 10:58:44 -0700

Available diffs


Built packages

Package files