Format: 1.8 Date: Thu, 27 Apr 2017 10:58:44 -0700 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: amd64 Version: 1.1.26-8ubuntu1.4 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Steve Beattie Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium . * SECURITY UPDATE: type-confusion leading to denial of service - libxslt/preproc.c: check that the parent node is an element before dereferencing its namespace - 7ca19df892ca22d9314e95d59ce2abdeff46b617 - CVE-2015-7955 * SECURITY UPDATE: out-of-bounds heap memory access - libxslt/numbers.c: precompile patterns in xsl:number (prereq), special case namespace nodes in xsltNumberFormatGetMultipleLevel libxslt/preproc.c, numbersInternals.h: precompile patterns in xsl:number (prereq change) tests/docs/bug-186*: add testcase - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f, 102099fb3bc0b29ede7dadc6388337ef4de59a74 - d182d8f6ba3071503d96ce17395c9d55871f0242 - CVE-2016-1683 * SECURITY UPDATE: integer overflow - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a' format tokens - 91d0540ac9beaa86719a05b749219a69baa0dd8d - 405034286fbdd6166229335b7203a41bf53b40fc - CVE-2016-1684 * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument - libxslt/functions.c: adjust xmlFree() call tests/docs/bug-185*, tests/general/bug-185*: add test csses - fc1ff481fd01e9a65a921c542fed68d8c965e8a3 - CVE-2016-1841 * SECURITY UPDATE: heap information leak - libxslt/numbers.c: check for empty decimal separator. - eb1030de31165b68487f288308f9d1810fed6880 - CVE-2016-4738 * SECURITY UPDATE: integer overflow in libxslt. - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size in xsltAddTextString to INT_MAX. - 08ab2774b870de1c7b5a48693df75e8154addae5 - CVE-2017-5029 * SECURITY UPDATE: double free in hash functions - libexslt/crypto.c: remove duplicate free calls - d8862309f08054218b28e2c8f5fb3cb2f650cac7 * SECURITY UPDATE: NULL pointer dereference in Saxon - libexslt/saxon.c: fix error handling in Saxon extension functions configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/: add test cases - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1 * SECURITY UPDATE: out-of-bounds heap memory access - libexslt/dynamic.c: use correct type for namespace nodes in exsltDynMapFunction tests/exslt/dynamic/dynmap*: add testcase - 93bb314768aafaffad1df15bbee10b7c5423e283 * SECURITY UPDATE: out-of-bounds heap read memory access - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*: add test case - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat - libexslt/date.c: make stack buffer larger - 5d0c6565bab5b9b7efceb33b626916d22b4101a7 * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic - libxslt/extensions.c: correct stripping of unwanted characters - 87c3d9ea214fc0503fd8130b6dd97431d69cc066 Checksums-Sha1: 14e93dfa3cf50dae5fed6c45e3e63a64a7870671 167612 libxslt1.1_1.1.26-8ubuntu1.4_amd64.deb 4bbb9ae16102e05da8f660c283d77ccc6554be32 562688 libxslt1-dev_1.1.26-8ubuntu1.4_amd64.deb 3b822ded54261e4e5a0c9d42acf1ced3dcbb8b75 314918 libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb 13aebecc4e548d675128365af957246d71b4d027 15070 xsltproc_1.1.26-8ubuntu1.4_amd64.deb d4ed6b3c0e26a0921de4ef032ac6a34a9fe9265b 41324 python-libxslt1_1.1.26-8ubuntu1.4_amd64.deb 11c5b0fa7e2dd2b4b3826c481986b447bcc9d941 140620 python-libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb e991fa5bf32ac1b507ac067e550a156fc79fb09e 199368 libxslt1.1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb bf43cfe59683f3514e470682b75591daa13d6e59 19880 xsltproc-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb 826ed89bc3528b5bdfa63b776e7c1dd8c576d71d 45442 python-libxslt1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb Checksums-Sha256: 2cbda29e3884e76293a2825685047d1548c906eae40d304106496c145118f7e6 167612 libxslt1.1_1.1.26-8ubuntu1.4_amd64.deb 6c47439f991029ed0228d29af015c6fb7481e9f102a374bc5f23651e00da7f43 562688 libxslt1-dev_1.1.26-8ubuntu1.4_amd64.deb 7fddaaff2f7d74e85eb5d1455ce1fd0f6f6da030285180499a7cebb4a4eb9d28 314918 libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb 59db4338f2b24be15f34b0a9cb4e17aba29332a216df42f849be6611bed80ece 15070 xsltproc_1.1.26-8ubuntu1.4_amd64.deb 54fbee8291a36c6cd5a34a433f1f55aea09f0a55248dabef20f66f9b19678339 41324 python-libxslt1_1.1.26-8ubuntu1.4_amd64.deb ffca8f55421273cadb468d08ed9995556ba16f993600b137763563c30656ae38 140620 python-libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb d52cb89a7a063073f15a963df4fb6be9055aa27bcb5e16849c611b3c8b2dd805 199368 libxslt1.1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb 57d1144deed16c018aea7b024a70cafc3365a2b6280fe4bce34bc8066007f02c 19880 xsltproc-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb f699fbec9c789e10ac088195cd384b9898514743798179850a5d021c14d59faf 45442 python-libxslt1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb Files: 93208bcaeb8bdf6c80e4e15de9bd478f 167612 libs optional libxslt1.1_1.1.26-8ubuntu1.4_amd64.deb 08ea373c0b96caa0e70ae36b353058b6 562688 libdevel optional libxslt1-dev_1.1.26-8ubuntu1.4_amd64.deb 9ae64bfab8021b53e3a05ec478e62225 314918 debug extra libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb e534c2009c4c8b82a7126640a74d34be 15070 text optional xsltproc_1.1.26-8ubuntu1.4_amd64.deb fa98fd5c291a2f26f95ef4b27c8586dc 41324 python optional python-libxslt1_1.1.26-8ubuntu1.4_amd64.deb f0dfb02c2e67d0d2dded0900d2f30ea2 140620 debug extra python-libxslt1-dbg_1.1.26-8ubuntu1.4_amd64.deb fa8af1f0ff16b4b888c223244571e217 199368 libs extra libxslt1.1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb 043628a964555163415181367a3039f2 19880 text extra xsltproc-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb 7ffd472829948f1e2fd4f50d75285e35 45442 python extra python-libxslt1-dbgsym_1.1.26-8ubuntu1.4_amd64.ddeb Original-Maintainer: Debian XML/SGML Group