UbuntuUpdates.org

Package "libxslt"

Name: libxslt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • XSLT 1.0 processing library - development kit
  • XSLT 1.0 processing library - runtime library
  • XSLT 1.0 command line processor
Latest version: 1.1.34-4ubuntu0.22.04.2
Release: jammy (22.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libxslt" in Jammy

Repository Area Version
base main 1.1.34-4build2
security main 1.1.34-4ubuntu0.22.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.1.34-4ubuntu0.22.04.2 2025-03-19 18:06:55 UTC

  libxslt (1.1.34-4ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free via exclusion of result prefixes
    - debian/patches/CVE-2024-55549.patch: store string in stylesheet's
      dict to avoid use after free in libxslt/xslt.c.
    - CVE-2024-55549

 -- Marc Deslauriers <email address hidden> Tue, 18 Mar 2025 10:41:52 -0400
Source diff to previous version
CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Version: 1.1.34-4ubuntu0.22.04.1 2022-08-22 16:07:28 UTC

  libxslt (1.1.34-4ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-30560.patch: fix use after free
      in xsltApplyTemplates in libxslt/transform.c.
    - CVE-2021-30560

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 08:44:36 -0300
CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted H


About   -   Send Feedback to @ubuntu_updates