UbuntuUpdates.org

Package "libxslt"

Name: libxslt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • XSLT 1.0 processing library - debugging symbols
  • XSLT 1.0 processing library - development kit
  • XSLT 1.0 processing library - runtime library
  • Python bindings for libxslt1

Latest version: 1.1.26-8ubuntu1.6
Release: precise (12.04)
Level: updates
Repository: main

Links



Other versions of "libxslt" in Precise

Repository Area Version
base main 1.1.26-8ubuntu1
security main 1.1.26-8ubuntu1.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.1.26-8ubuntu1.6 2021-05-03 16:06:21 UTC

  libxslt (1.1.26-8ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read of xsl:number token in libxslt/numbers.c.
    - CVE-2019-13117
  * SECURITY UPDATE: Uninitialized read
      Fix uninitialized
      read with UTF-8 grouping chars in libxslt/numbers.c,
      tests/docs/bug-222.xml, tests/general/bug-222.out,
      tests/general/bug-222.xsl.
    - CVE-2019-13118
  * SECURITY UPDATE: Buffer over-read
      Fix dangling
      pointer in xsltCopyText in libxslt/transform.c.
    - CVE-2019-18197

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 10:19:03 -0300

Source diff to previous version
CVE-2019-13117 In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This c
CVE-2019-13118 In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combin
CVE-2019-18197 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to

Version: 1.1.26-8ubuntu1.4 2017-04-28 01:06:52 UTC

  libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

 -- Steve Beattie <email address hidden> Thu, 27 Apr 2017 10:58:44 -0700

Source diff to previous version
CVE-2015-7955 RESERVED
CVE-2016-1683 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause
CVE-2016-1684 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows rem
CVE-2016-1841 libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbi
CVE-2016-4738 libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a
CVE-2017-5029 The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux

Version: 1.1.26-8ubuntu1.3 2013-04-02 14:07:21 UTC

  libxslt (1.1.26-8ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139
 -- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:05:27 -0400

Source diff to previous version
CVE-2012-6139 libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities

Version: 1.1.26-8ubuntu1.2 2012-10-04 19:07:06 UTC

  libxslt (1.1.26-8ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893
 -- Marc Deslauriers <email address hidden> Fri, 28 Sep 2012 15:13:38 -0400

Source diff to previous version
CVE-2011-3970 libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vector
CVE-2012-2825 The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspec
CVE-2012-2870 libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to caus
CVE-2012-2871 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handl
CVE-2012-2893 Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly

Version: 1.1.26-8ubuntu1.1 2012-08-07 10:06:51 UTC

  libxslt (1.1.26-8ubuntu1.1) precise-proposed; urgency=low

  * debian/control: mark libxslt1-dev as not M-A (LP: #1014197).
 -- Stephane Graber <email address hidden> Wed, 18 Jul 2012 15:01:41 -0400

1014197 package libxslt1-dev 1.1.26-8ubuntu1 failed to install/upgrade: './usr/bin/xslt-config' is different from the same file on the system



About   -   Send Feedback to @ubuntu_updates