Back to libxslt PTS page

Accepted libxslt 1.1.28-2+deb8u5 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libxslt 1.1.28-2+deb8u5 (source amd64) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Mon, 22 Jul 2019 13:40:16 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1hpYY4-0005Lb-3n@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 22 Jul 2019 14:28:55 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.28-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
 libxslt1-dev - XSLT 1.0 processing library - development kit
 libxslt1.1 - XSLT 1.0 processing library - runtime library
 python-libxslt1 - Python bindings for libxslt1
 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
 xsltproc   - XSLT 1.0 command line processor
Changes:
 libxslt (1.1.28-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2016-4610:
     Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows
     remote attackers to cause a denial of service (memory corruption) or
     possibly have unspecified other impact via unknown vectors.
   * Fix CVE-2016-4609:
     Out-of-bounds read at xmlGetLineNoInternal()
     libxslt allows remote attackers to cause a denial of service (memory
     corruption) or possibly have unspecified other impact via unknown vectors.
   * Fix CVE-2019-13117:
     An xsl:number with certain format strings could lead to an uninitialized
     read in xsltNumberFormatInsertNumbers. This could allow an attacker to
     discern whether a byte on the stack contains the characters A, a, I, i, or
     0, or any other character.
   * Fix CVE-2019-13118:
     A type holding grouping characters of an xsl:number instruction was too
     narrow and an invalid character/length combination could be passed to
     xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Checksums-Sha1:
 aa5240d20fc7fdfbccdb19ae503fedd3ff38909c 2554 libxslt_1.1.28-2+deb8u5.dsc
 5d9ffef4479418f254545dbd59648e6ec4efaf89 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz
 2888e99c3af44d7cc916bb588f5f9ad6d99d1ce2 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb
 4997eb9da7f12c1eab754a7ecfa1226b9719abe4 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb
 c70e6e9f9ba4a742f77e7da0ca8325b86dfac79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb
 1aaca9459be4d495fc749be484f46455d9ae9402 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb
 bc8edafe4cf996128dc07c5c1b52277ecfe4f373 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb
 a1a33e3b8a3b52920de69e830fa6f70bde6aa56b 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb
Checksums-Sha256:
 07e3b5c407fe8b16a149016c644564f8fd8f5e028d23c0908b8342aeb29dc8ec 2554 libxslt_1.1.28-2+deb8u5.dsc
 b16233b1c69d3d46b0c5354e50e1bde721101ebd5af8b36797a076f4b60aa095 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz
 b8725bbac6039f3d3349ef9ce0b2d605a94d96e6c113b72136d986dbcf6dd1ed 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb
 2aaee466be04abdaeb2505bccafc5cc1ef45e27f26e2bc3e47cf17544d854c92 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb
 3a0ac8cffde48a68e1c7d81337a02395b48abe86f3050739e7ee5ed56cb1f79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb
 aef7168c6243d5376457c01dec1b226f1527e2bec342afd1a99deaac48ce69a9 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb
 16a9620dba9f4d9e267b5ef4fd6af5a58d746f7b5a34c1d1ffb6e9882df6ec9e 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb
 0c99004aa2f250cc94519831260075857de76dd7233071c9222f96c6c0f5da3f 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb
Files:
 8f5410d80471a408a166e90286a3fb2a 2554 text optional libxslt_1.1.28-2+deb8u5.dsc
 a71ce544bd4154da94c7a97beb5daf40 40992 text optional libxslt_1.1.28-2+deb8u5.debian.tar.xz
 fc9cabc797e42428784a010424ae3c7b 232996 libs optional libxslt1.1_1.1.28-2+deb8u5_amd64.deb
 df5e523058d21b2eec8e0e1ec958c0fe 513812 libdevel optional libxslt1-dev_1.1.28-2+deb8u5_amd64.deb
 df538b575fcbfccadf6a7ab2022dec4b 480192 debug extra libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb
 42a50d14da380f4fc48f715d58c93646 119062 text optional xsltproc_1.1.28-2+deb8u5_amd64.deb
 0c0673ce58b900533946818465112c8d 139576 python optional python-libxslt1_1.1.28-2+deb8u5_amd64.deb
 559f25ab7eca07a1152fbac3f0aa4d8e 222380 debug extra python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl01uQtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkqQkQAKohZX21KCGorNfYkCfPsjEvUptkxBlp0gEQ
Y8JrYr6MTVaAd27Db2/Lgz6gf0KpO1fMKJ4KA0O6+r2fU3vGzMIcIWxZ8926ndT6
R+CJQL7clBgq27EY/cSpAhbxvKyzUuqpm758nNdRQbmfk4k8acx6fhMyM0AOVxMu
HX8GgNl8vUi17XWEVPpBYwdzFMR4EQ6AhIo681UWaL+Ms2NX9C71f3I6QK6BVqib
WaxXvCs+Ry/+o+oJ1stlc8t+V5/FxwhQpwQG5eb4M/5zj3W598Qv9VP7aiqqRMsL
DUltiWNpHQVoAHLvfehYO9BzCx6qri8onPk8aqaovCSPO4+crwtgCtpLPZgX2tSA
Ey9bWSRgZfQ80L0oWq7ScY41YcH+jPHl4/5/J2MJGwQlj1Odt5I1jDDcXDoK2dmz
3CLw6GOxNYdb4mHsziY4YoieSScLdC0Bbn5xzbLIY2EgRejCkHRVZlzNtwoPAwbM
WPb/tziRiUsnyaQGQpRO4CeRJQis1P3is2bx/fQvhoNrqAa6UQyXzdR3p8eUTzjG
wLqEOjhrLiM1fdGl7+zPCiRzc7fPZs1nYEGeBXE2SSii7M3X02Dcrd/d7olCsfwf
qa5lz9dwQtqoUAlzRpKpKfhRpkU/H19zXiNqlmN+Bif1agttJFAphgySKvYUPTOq
mx8ydohx
=7eiB
-----END PGP SIGNATURE-----