UbuntuUpdates.org

Package "xsltproc"

Name: xsltproc

Description:

XSLT 1.0 command line processor

Latest version: 1.1.34-4ubuntu0.22.04.3
Release: jammy (22.04)
Level: updates
Repository: main
Head package: libxslt
Homepage: http://xmlsoft.org/xslt/

Other versions of "xsltproc" in Jammy

Repository Area Version
base main 1.1.34-4build2
security main 1.1.34-4ubuntu0.22.04.3

Changelog

Version: 1.1.34-4ubuntu0.22.04.3 2025-03-20 20:06:57 UTC

  libxslt (1.1.34-4ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free via nested XPath evaluations
    - debian/patches/CVE-2025-24855.patch: properly handle XPath context
      nodes and transformation context nodes in libxslt/numbers.c,
      libxslt/templates.c, libxslt/xsltutils.c.
    - CVE-2025-24855

 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2025 12:54:45 -0400

CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restore

Version: 1.1.34-4ubuntu0.22.04.2 2025-03-19 18:06:55 UTC

  libxslt (1.1.34-4ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free via exclusion of result prefixes
    - debian/patches/CVE-2024-55549.patch: store string in stylesheet's
      dict to avoid use after free in libxslt/xslt.c.
    - CVE-2024-55549

 -- Marc Deslauriers <email address hidden> Tue, 18 Mar 2025 10:41:52 -0400

CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Version: 1.1.34-4ubuntu0.22.04.1 2022-08-22 16:07:28 UTC

  libxslt (1.1.34-4ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-30560.patch: fix use after free
      in xsltApplyTemplates in libxslt/transform.c.
    - CVE-2021-30560

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 08:44:36 -0300

CVE-2021-30560 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted H


