UbuntuUpdates.org

Package "xsltproc"

Name: xsltproc

Description:

XSLT 1.0 command line processor

Latest version: 1.1.39-0exp1ubuntu0.24.04.2
Release: noble (24.04)
Level: updates
Repository: main
Head package: libxslt
Homepage: https://gitlab.gnome.org/GNOME/libxslt/-/wikis/home

Other versions of "xsltproc" in Noble

Repository Area Version
base main 1.1.39-0exp1build1
security main 1.1.39-0exp1ubuntu0.24.04.2

Changelog

Version: 1.1.39-0exp1ubuntu0.24.04.2 2025-03-20 20:06:59 UTC

  libxslt (1.1.39-0exp1ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free via nested XPath evaluations
    - debian/patches/CVE-2025-24855.patch: properly handle XPath context
      nodes and transformation context nodes in libxslt/numbers.c,
      libxslt/templates.c, libxslt/xsltutils.c.
    - CVE-2025-24855

 -- Marc Deslauriers <email address hidden> Wed, 19 Mar 2025 12:53:59 -0400

CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restore

Version: 1.1.39-0exp1ubuntu0.24.04.1 2025-03-19 18:06:57 UTC

  libxslt (1.1.39-0exp1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free via exclusion of result prefixes
    - debian/patches/CVE-2024-55549.patch: store string in stylesheet's
      dict to avoid use after free in libxslt/xslt.c.
    - CVE-2024-55549

 -- Marc Deslauriers <email address hidden> Tue, 18 Mar 2025 10:37:57 -0400

CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.


