Package "libxslt"
Name: libxslt
Description: This package is just an umbrella for a group of other packages; it has no description. Description samples from packages in group:
- XSLT 1.0 processing library - debugging symbols
- XSLT 1.0 processing library - development kit
- XSLT 1.0 processing library - runtime library
- Python bindings for libxslt1
Latest version: 1.1.26-8ubuntu1.6
Release: precise (12.04)
Level: updates
Repository: main
Changelog
libxslt (1.1.26-8ubuntu1.6) precise-security; urgency=medium
* SECURITY UPDATE: Uninitialized read
- Fix uninitialized read of xsl:number token in libxslt/numbers.c.
- CVE-2019-13117
* SECURITY UPDATE: Uninitialized read
- Fix uninitialized read with UTF-8 grouping chars in libxslt/numbers.c,
tests/docs/bug-222.xml, tests/general/bug-222.out,
tests/general/bug-222.xsl.
- CVE-2019-13118
* SECURITY UPDATE: Buffer over-read
- Fix dangling pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 10:19:03 -0300
CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This c
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combin
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to
libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: type-confusion leading to denial of service
- libxslt/preproc.c: check that the parent node is an element
before dereferencing its namespace
- 7ca19df892ca22d9314e95d59ce2abdeff46b617
- CVE-2015-7955
* SECURITY UPDATE: out-of-bounds heap memory access
- libxslt/numbers.c: precompile patterns in xsl:number (prereq),
special case namespace nodes in xsltNumberFormatGetMultipleLevel
libxslt/preproc.c, numbersInternals.h: precompile patterns
in xsl:number (prereq change)
tests/docs/bug-186*: add testcase
- Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
102099fb3bc0b29ede7dadc6388337ef4de59a74
- d182d8f6ba3071503d96ce17395c9d55871f0242
- CVE-2016-1683
* SECURITY UPDATE: integer overflow
- libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
format tokens
- 91d0540ac9beaa86719a05b749219a69baa0dd8d
- 405034286fbdd6166229335b7203a41bf53b40fc
- CVE-2016-1684
* SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
- libxslt/functions.c: adjust xmlFree() call
tests/docs/bug-185*, tests/general/bug-185*: add test cases
- fc1ff481fd01e9a65a921c542fed68d8c965e8a3
- CVE-2016-1841
* SECURITY UPDATE: heap information leak
- libxslt/numbers.c: check for empty decimal separator.
- eb1030de31165b68487f288308f9d1810fed6880
- CVE-2016-4738
* SECURITY UPDATE: integer overflow in libxslt.
- libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
in xsltAddTextString to INT_MAX.
- 08ab2774b870de1c7b5a48693df75e8154addae5
- CVE-2017-5029
* SECURITY UPDATE: double free in hash functions
- libexslt/crypto.c: remove duplicate free calls
- d8862309f08054218b28e2c8f5fb3cb2f650cac7
* SECURITY UPDATE: NULL pointer dereference in Saxon
- libexslt/saxon.c: fix error handling in Saxon extension functions
configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
add test cases
- ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
* SECURITY UPDATE: out-of-bounds heap memory access
- libexslt/dynamic.c: use correct type for namespace nodes in
exsltDynMapFunction
tests/exslt/dynamic/dynmap*: add testcase
- 93bb314768aafaffad1df15bbee10b7c5423e283
* SECURITY UPDATE: out-of-bounds heap read memory access
- libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
add test case
- 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
* SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
- libexslt/date.c: make stack buffer larger
- 5d0c6565bab5b9b7efceb33b626916d22b4101a7
* SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
- libxslt/extensions.c: correct stripping of unwanted characters
- 87c3d9ea214fc0503fd8130b6dd97431d69cc066
-- Steve Beattie <email address hidden> Thu, 27 Apr 2017 10:58:44 -0700
CVE-2015-7955
RESERVED
CVE-2016-1683
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause
CVE-2016-1684
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows rem
CVE-2016-1841
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbi
CVE-2016-4738
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a
CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
libxslt (1.1.26-8ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- libxslt/functions.c, libxslt/keys.c: check for empty values
tests/*: add tests
- dc11b6b379a882418093ecc8adf11f6166682e8d
- 6c99c519d97e5fcbec7a9537d190efb442e4e833
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:05:27 -0400
CVE-2012-6139
libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities
libxslt (1.1.26-8ubuntu1.2) precise-security; urgency=low
* SECURITY UPDATE: denial of service via out-of-bounds read
- libxslt/pattern.c: fix improper loop exit.
- fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
- CVE-2011-3970
* SECURITY UPDATE: denial of service via out-of-bounds read
- libxslt/xsltutils.h: check for XML_ELEMENT_NODE
- e6a0bc8081271f33b9899eb78e1da1a2a0428419
- CVE-2012-2825
* SECURITY UPDATE: denial of service via crafted XSLT expression
- harden code in libexslt/functions.c, libxslt/attributes.c,
libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
libxslt/xslt.c, libxslt/xsltutils.c.
- 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
- 4da0f7e207f14a03daad4663865c285eb27f93e9
- 24653072221e76d2f1f06aa71225229b532f8946
- 1564b30e994602a95863d9716be83612580a2fed
- CVE-2012-2870
* SECURITY UPDATE: denial of service and possible code execution during
handling of XSL transforms
- libxslt/transform.c: check for XML_NAMESPACE_DECL
- 937ba2a3eb42d288f53c8adc211bd1122869f0bf
- CVE-2012-2871
* SECURITY UPDATE: denial of service and possible code execution via
double free during XSL transforms
- libxslt/templates.c: Fix dictionary string usage
- 54977ed7966847e305a2008cb18892df26eeb065
- CVE-2012-2893
-- Marc Deslauriers <email address hidden> Fri, 28 Sep 2012 15:13:38 -0400
CVE-2011-3970
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vector
CVE-2012-2825
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspec
CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to caus
CVE-2012-2871
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handl
CVE-2012-2893
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly
libxslt (1.1.26-8ubuntu1.1) precise-proposed; urgency=low
* debian/control: mark libxslt1-dev as not M-A (LP: #1014197).
-- Stephane Graber <email address hidden> Wed, 18 Jul 2012 15:01:41 -0400
1014197
package libxslt1-dev 1.1.26-8ubuntu1 failed to install/upgrade: './usr/bin/xslt-config' is different from the same file on the system