Univention Bugzilla – Bug 55194
libxslt: Multiple issues (5.0)
Last modified: 2022-09-13 17:50:23 CEST
New Debian libxslt 1.1.32-2.2~deb10u2 fixes:

This update addresses the following issues:
* Heap buffer overflow in Blink (CVE-2019-5815)
* Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30560)
--- mirror/ftp/pool/main/libx/libxslt/libxslt_1.1.32-2.2~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/libxslt_1.1.32-2.2~deb10u2.dsc @@ -1,3 +1,9 @@ +1.1.32-2.2~deb10u2 [Fri, 09 Sep 2022 12:30:48 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-5815: heap corruption in xsltNumberFormatGetMultipleLevel. + * CVE-2021-30560: use-after-free in xsltApplyTemplates. + 1.1.32-2.2~deb10u1 [Sun, 03 Nov 2019 17:11:47 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Rebuild for buster <http://piuparts.knut.univention.de/5.0-2/#5389517982722042249>
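Review bot: The two CVE lines in the new 1.1.32-2.2~deb10u2 changelog entry name the affected functions (xsltNumberFormatGetMultipleLevel and xsltApplyTemplates) but do not reference the patch or upstream commit that carries each fix, so the change cannot be traced from the changelog alone; adding that reference to each line would let a reviewer confirm what was backported. The erratum text above describes both issues in terms of Blink and Google Chrome, while this changelog places them in libxslt functions; wording the erratum around the libxslt functions would make it clearer to administrators why this package is affected.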
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 7610b851c2 Bug #55194: libxslt 1.1.32-2.2~deb10u2
 doc/errata/staging/libxslt.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

[5.0-2] 2d9359bfd0 Bug #55194: libxslt 1.1.32-2.2~deb10u2
 doc/errata/staging/libxslt.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x418>