Format: 1.8 Date: Tue, 25 Apr 2017 23:38:39 -0700 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: amd64 Version: 1.1.28-2.1ubuntu0.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Steve Beattie Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2.1ubuntu0.1) xenial-security; urgency=medium . * SECURITY UPDATE: out-of-bounds heap memory access - debian/patches/0010-CVE-2016-1683.patch: special case namespace nodes in xsltNumberFormatGetMultipleLevel - CVE-2016-1683 * SECURITY UPDATE: integer overflow - debian/patches/0011-CVE-2016-1684-1.patch, debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper bounds for 'i' and 'a' format tokens - CVE-2016-1684 * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument - debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call - CVE-2016-1841 * SECURITY UPDATE: heap information leak - debian/patches/0014-CVE-2016-4738.patch: check for empty decimal separator. - CVE-2016-4738 * SECURITY UPDATE: integer overflow in libxslt. - debian/patches/0015-CVE-2017-5029.patch: limit buffer size in xsltAddTextString to INT_MAX. - CVE-2017-5029 * SECURITY UPDATE: double free in hash functions - 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch: remove duplicate free calls * SECURITY UPDATE: NULL pointer dereference in Saxon - 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch: fix error handling in Saxon extension functions * SECURITY UPDATE: out-of-bounds heap memory access - 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use correct type for namespace nodes in exsltDynMapFunction * SECURITY UPDATE: out-of-bounds heap read memory access - 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch: do not pass namespace "nodes" to xmlGetLineNo * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat - 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch: make stack buffer larger * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic - 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch: correct stripping of unwanted characters Checksums-Sha1: 8b01a6d7a5e1a135c5dc2348aea620aab6dd4c7f 374276 libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb 8d793804fde25100178ee73ee8e3709b62438070 986 libxslt1-dev-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb dadb4511ed9d9a35de976c658c45af0177a3ca8f 406486 libxslt1-dev_1.1.28-2.1ubuntu0.1_amd64.deb 0ff17c9911305c6bec3ce4f1d4ac02f801e44f50 996 libxslt1.1-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb c901156b3654ce65b726b8a4a9de036893411942 145438 libxslt1.1_1.1.28-2.1ubuntu0.1_amd64.deb 3f673a160e7a1628ac310d41c3db7825625c7ff8 117446 python-libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb 7a81fe253426aa23ceaa7a5700638daf4a06604d 33640 python-libxslt1_1.1.28-2.1ubuntu0.1_amd64.deb 2f369ec483dfa46f575f16a659248f6655740cfb 976 xsltproc-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb 5ed0e59d3c6974b336c05a945e7f3ff6eb33d24a 13406 xsltproc_1.1.28-2.1ubuntu0.1_amd64.deb Checksums-Sha256: 456d074cc892b7575e962f410938c43e0dec4c3faaf359edd53591991d4d9100 374276 libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb 2708ce92e79023c1bc1c4b05979bb15d313a86083abfa518d3d5458657ca0575 986 libxslt1-dev-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb a51aac1e7bbb6d13d6edc1591a07351fa1f388338dfc2eb118e356a749010625 406486 libxslt1-dev_1.1.28-2.1ubuntu0.1_amd64.deb b0fb10f1bc2c40d0d4fac884ca191d8679319bd2a1da31fdab6e487e5296ba17 996 libxslt1.1-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb 92da22a56b1207b144ef0258abb801bbca809a5b895891e913eee51e889f5006 145438 libxslt1.1_1.1.28-2.1ubuntu0.1_amd64.deb 73eb55175547ad960e2c7d8aa28bfa12f8e8f99716060c58647dafe27690f046 117446 python-libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb 5fea87816dae3421461e842cf049d6450146c3a8da291ee1395d72373178ab60 33640 python-libxslt1_1.1.28-2.1ubuntu0.1_amd64.deb e976713ca547e72912bf50d026b42b4479f7bb2b92f23304db9fde6ce8b4a4cc 976 xsltproc-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb 77c882ff6588b6c7cc125eabc3e17f4cc9201cdbead244f0f789942b87dc854a 13406 xsltproc_1.1.28-2.1ubuntu0.1_amd64.deb Files: e76d076eb29fa32eb559b68ad59e9549 374276 debug extra libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb e65918aa30bdf4faf1fc26146e66d9b5 986 libdevel extra libxslt1-dev-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb fb8972a221b620301e888c60be184482 406486 libdevel optional libxslt1-dev_1.1.28-2.1ubuntu0.1_amd64.deb 8143fcfba43c72fcb591f50ede9e0021 996 libs extra libxslt1.1-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb f7a4437a8670b39262f7f1ec1c612f06 145438 libs optional libxslt1.1_1.1.28-2.1ubuntu0.1_amd64.deb 766d41b25566b50a085df6e20f9e3b36 117446 debug extra python-libxslt1-dbg_1.1.28-2.1ubuntu0.1_amd64.deb d678fee1e27c2b041e7febcfd8183f9c 33640 python optional python-libxslt1_1.1.28-2.1ubuntu0.1_amd64.deb d5a44f5dba19eeee74b0ce8502d9740e 976 text extra xsltproc-dbgsym_1.1.28-2.1ubuntu0.1_amd64.ddeb 0b0ebfd366ccb18037ab3eb395dcfe86 13406 text optional xsltproc_1.1.28-2.1ubuntu0.1_amd64.deb Original-Maintainer: Debian XML/SGML Group