Bug 41560 - libxslt: Multiple issues (4.1)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-3-errata
Assigned To: Janek Walkenhorst
QA Contact: Arvid Requate
Blocks: 41561
Reported: 2016-06-14 13:31 CEST by Arvid Requate
Modified: 2016-09-21 21:27 CEST (History)
What kind of report is it?: Security Issue
Bug group (optional): Security
requate: Patch_Available+
Description Arvid Requate univentionstaff 2016-06-14 13:31:24 CEST
The following issues have been fixed in the upstream Debian package version 1.1.26-14.1+deb7u1:

* The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent nonfusion" issue. (CVE-2015-7995)

* numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles nssibly have unspecified other impact via a crafted document. (CVE-2016-1683)

* numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles t or resource consumption) or possibly have unspecified other impact via a crafted document. (CVE-2016-1684)
Comment 1 Janek Walkenhorst univentionstaff 2016-08-26 15:25:28 CEST
Tests (i386): OK
Advisory: libxslt.yaml
Comment 2 Arvid Requate univentionstaff 2016-09-05 19:00:37 CEST
Verified:
* 1.1.26-14.1+deb7u1 imported and built
* No UCS 4.x patches
* Package update Ok (amd64)
* Advisory Ok
Comment 3 Janek Walkenhorst univentionstaff 2016-09-07 18:41:42 CEST
<http://errata.software-univention.de/ucs/4.1/251.html>