libxslt 1.1.28-2.1ubuntu0.1 source package in Ubuntu

Changelog

libxslt (1.1.28-2.1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds heap memory access
    - debian/patches/0010-CVE-2016-1683.patch: special case namespace
      nodes in xsltNumberFormatGetMultipleLevel
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - debian/patches/0011-CVE-2016-1684-1.patch,
      debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
      bounds for 'i' and 'a' format tokens
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - debian/patches/0014-CVE-2016-4738.patch: check for empty
      decimal separator.
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
      remove duplicate free calls
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
      fix error handling in Saxon extension functions
  * SECURITY UPDATE: out-of-bounds heap memory access
    - 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
      correct type for namespace nodes in exsltDynMapFunction
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
      do not pass namespace "nodes" to xmlGetLineNo
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
      make stack buffer larger
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
      correct stripping of unwanted characters

 -- Steve Beattie <email address hidden>  Tue, 25 Apr 2017 23:38:39 -0700

Upload details

Uploaded by:
Steve Beattie on 2017-04-27
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
text
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2017-04-28 main libs
Xenial security on 2017-04-27 main libs

Downloads

File Size SHA-256 Checksum
libxslt_1.1.28.orig.tar.gz 3.3 MiB 5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c
libxslt_1.1.28-2.1ubuntu0.1.debian.tar.xz 39.7 KiB 84bf7f55737137dde3544fcf933e6ec8baab64a76dababe643ec79de327bdd83
libxslt_1.1.28-2.1ubuntu0.1.dsc 2.4 KiB 3f55cd7b8dadeb4492de109caf006a1f575997da8e5809ed39d6beacdc4c59d4

View changes file

Binary packages built by this source

libxslt1-dbg: XSLT 1.0 processing library - debugging symbols

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package provides the debugging symbols for the library and for
 the xsltproc utility provided by the xsltproc package.
 Debugging symbols for the Python modules are not available.

libxslt1-dev: XSLT 1.0 processing library - development kit

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the development files for libxslt.

libxslt1-dev-dbgsym: debug symbols for package libxslt1-dev

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the development files for libxslt.

libxslt1.1: XSLT 1.0 processing library - runtime library

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the libxslt library used by applications for XSLT
 transformations.

libxslt1.1-dbgsym: debug symbols for package libxslt1.1

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains the libxslt library used by applications for XSLT
 transformations.

python-libxslt1: Python bindings for libxslt1

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains Python bindings for libxslt, needed to use
 libxslt in Python programs.

python-libxslt1-dbg: Python bindings for libxslt1 (debug extension)

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT stylesheets. libxslt is a C library which
 implements XSLT version 1.0.
 .
 This package contains Python bindings for libxslt, needed to use
 libxslt in Python programs for use with the Python debug interpreter.

xsltproc: XSLT 1.0 command line processor

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT version 1.0 stylesheets.
 .
 This package contains a command line tool that facilitates XSLT
 transformations.

xsltproc-dbgsym: debug symbols for package xsltproc

 XSLT is an XML language for defining transformations of XML files from
 XML to some other arbitrary format, such as XML, HTML, plain text, etc.
 using standard XSLT version 1.0 stylesheets.
 .
 This package contains a command line tool that facilitates XSLT
 transformations.