Change logs for libxslt source package in Xenial

  • libxslt (1.1.28-2.1ubuntu0.3) xenial-security; urgency=medium
      * SECURITY UPDATE: Uninitialized read
        - debian/patches/CVE-2019-13117.patch: Fix uninitialized
          read of xsl:number token in libxslt/numbers.c.
        - CVE-2019-13117
      * SECURITY UPDATE: Uninitialized read
        - debian/patches/CVE-2019-13118.patch: Fix uninitialized
          read with UTF-8 grouping chars in libxslt/numbers.c,
          tests/docs/bug-222.xml, tests/general/bug-222.out,
        - CVE-2019-13118
      * SECURITY UPDATE: Buffer over-read
        - debian/patches/CVE-2019-18197.patch: Fix dangling
          pointer in xsltCopyText in libxslt/transform.c.
        - CVE-2019-18197
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 22 Oct 2019 09:57:55 -0300
  • libxslt (1.1.28-2.1ubuntu0.2) xenial-security; urgency=medium
      * SECURITY UPDATE: Bypass of protection mechanism
        - debian/patches/CVE-2019-11068.patch: Fix security
          framework bypass checking for returns equal or less
          -1 in libxslt/documents.c, libxslt/imports.c,
        - CVE-2019-11068
     -- <email address hidden> (Leonidas S. Barbosa)  Fri, 12 Apr 2019 14:03:06 -0300
  • libxslt (1.1.28-2.1ubuntu0.1) xenial-security; urgency=medium
      * SECURITY UPDATE: out-of-bounds heap memory access
        - debian/patches/0010-CVE-2016-1683.patch: special case namespace
          nodes in xsltNumberFormatGetMultipleLevel
        - CVE-2016-1683
      * SECURITY UPDATE: integer overflow
        - debian/patches/0011-CVE-2016-1684-1.patch,
          debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
          bounds for 'i' and 'a' format tokens
        - CVE-2016-1684
      * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
        - debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
        - CVE-2016-1841
      * SECURITY UPDATE: heap information leak
        - debian/patches/0014-CVE-2016-4738.patch: check for empty
          decimal separator.
        - CVE-2016-4738
      * SECURITY UPDATE: integer overflow in libxslt.
        - debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
          xsltAddTextString to INT_MAX.
        - CVE-2017-5029
      * SECURITY UPDATE: double free in hash functions
        - 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
          remove duplicate free calls
      * SECURITY UPDATE: NULL pointer dereference in Saxon
        - 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
          fix error handling in Saxon extension functions
      * SECURITY UPDATE: out-of-bounds heap memory access
        - 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
          correct type for namespace nodes in exsltDynMapFunction
      * SECURITY UPDATE: out-of-bounds heap read memory access
        - 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
          do not pass namespace "nodes" to xmlGetLineNo
      * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
        - 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
          make stack buffer larger
      * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
        - 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
          correct stripping of unwanted characters
     -- Steve Beattie <email address hidden>  Tue, 25 Apr 2017 23:38:39 -0700
  • libxslt (1.1.28-2.1) unstable; urgency=high
      * Non-maintainer upload.
      * Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
        CVE-2015-7995: Type confusion in preprocessing attributes leading to
        denial of service. (Closes: #802971)
     -- Salvatore Bonaccorso <email address hidden>  Fri, 30 Oct 2015 08:46:43 +0100
  • libxslt (1.1.28-2build2) vivid; urgency=medium
      * No-change rebuild for the libgcrypt20 transition.
     -- Adam Conrad <email address hidden>   Fri, 27 Mar 2015 06:17:04 -0600