libxslt 1.1.26-8ubuntu1.4 source package in Ubuntu

Changelog

libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

 -- Steve Beattie <email address hidden>  Thu, 27 Apr 2017 10:58:44 -0700

Upload details

Uploaded by:
Steve Beattie on 2017-04-27
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
text
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates on 2017-04-28 main libs
Precise security on 2017-04-27 main libs

Downloads

File Size SHA-256 Checksum
libxslt_1.1.26.orig.tar.gz 3.2 MiB 55dd52b42861f8a02989d701ef716d6280bfa02971e967c285016f99c66e3db1
libxslt_1.1.26-8ubuntu1.4.diff.gz 108.6 KiB 276298318b01911019fe1cb18e74d2e02d0d5ef4c42cf0d954b0fc6dcaa8ed4b
libxslt_1.1.26-8ubuntu1.4.dsc 2.3 KiB d9738e7fb894ffc83303e2374308d94b22e508afa6be54b4eb519452e9d3a763

View changes file

Binary packages built by this source

libxslt1-dbg: XSLT 1.0 processing library - debugging symbols

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package provides the debugging symbols for the library and for
 the xsltproc utility provided by the xsltproc package.
 Debugging symbols for the Python modules are not available.

libxslt1-dev: XSLT 1.0 processing library - development kit

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the development files for libxslt.

libxslt1.1: XSLT 1.0 processing library - runtime library

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the libxslt library used by applications for XSLT
 transformations.

libxslt1.1-dbgsym: debug symbols for package libxslt1.1

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the libxslt library used by applications for XSLT
 transformations.

python-libxslt1: Python bindings for libxslt1

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains Python bindings for libxslt, needed to use
 libxslt in Python programs.

python-libxslt1-dbg: Python bindings for libxslt1 (debug extension)

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains Python bindings for libxslt, needed to use
 libxslt in Python programs for use with the Python debug interpreter.

python-libxslt1-dbgsym: debug symbols for package python-libxslt1

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains Python bindings for libxslt, needed to use
 libxslt in Python programs.

xsltproc: XSLT 1.0 command line processor

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT version 1.0 stylesheets.
 .
 This package contains a command line tool that facilitates XSLT
 transformations.

xsltproc-dbgsym: debug symbols for package xsltproc

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT version 1.0 stylesheets.
 .
 This package contains a command line tool that facilitates XSLT
 transformations.