Accepted libxslt 1.1.28-2+deb8u6 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Oct 2019 17:44:26 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.28-2+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Changes:
libxslt (1.1.28-2+deb8u6) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-18197:
In xsltCopyText in transform.c, a pointer variable is not reset under
certain circumstances. If the relevant memory area happened to be freed and
reused in a certain way, a bounds check could fail and memory outside a
buffer could be written to, or uninitialized data could be disclosed.
Checksums-Sha1:
27736ef618a2034bf2d340688c86a01e8b9b5049 2554 libxslt_1.1.28-2+deb8u6.dsc
a1de958ba0919012bdf478ee7acc1f837499a375 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz
c6f15f7860b041925e8be0c6c1ba53e66b79795d 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb
ee2bcfad75a1237204d15787c333c243cc1040ea 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb
659451ea317913741efe0e60fa6abf7ebe9544e3 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
285a252b0eec60346360d7ce2349781aacaa4360 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb
0c110158a0b05b699a0f2bf2a01c8acdd1360f02 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb
58f27c0eb646aaefdc11949ca1ce0e2b22a6c9f9 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
Checksums-Sha256:
ff3073e4ee00c3b3a43867e65c69886c104ce71cd02d0960610345a00f974e66 2554 libxslt_1.1.28-2+deb8u6.dsc
43c944cc8671b1ba89b34d385629baa276cf5d58d48d5c70403ec4b95e564658 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz
a284c91b5b876b35fe7152353df107bba126673d156d709659cfd15b907bf990 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb
041a1958f91625d0ae71dd7934338a974875be72c8a984a10697f1c3cb4b919b 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb
2ab2ca73479f03c3c572a830563d4e45db694516a236ba7b287e8559fd62348c 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
126d4902b9f5622954375e908f529c584eada5d10ed8d1a1b9c5d25bb7b9468e 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb
ddf0e756c751addc4f8de2a5f3346941ca70f4fb9af43f2d8dc224705719b72d 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb
b9a6d0d15acbc4a02dedb3d26036a6f0c51bb758d073cab9d533f6cd306828a8 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
Files:
4d2741b8d87e42b59094e44bc1a83f46 2554 text optional libxslt_1.1.28-2+deb8u6.dsc
cc37248dea1a862092ddd36c7ca73cc5 41288 text optional libxslt_1.1.28-2+deb8u6.debian.tar.xz
6e21e70fbe49d4753aa86444bcd3f725 233156 libs optional libxslt1.1_1.1.28-2+deb8u6_amd64.deb
fd6cc2b93fa155a7d938de6f192f8596 514292 libdevel optional libxslt1-dev_1.1.28-2+deb8u6_amd64.deb
f620d248360640944af89b6ac450377a 480752 debug extra libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
34e4abf0dc8cd46c9fd5d78dae487807 119342 text optional xsltproc_1.1.28-2+deb8u6_amd64.deb
65a56c7dba6349e357813deebc632e6b 139478 python optional python-libxslt1_1.1.28-2+deb8u6_amd64.deb
f24ea6c31c82238a292ef6f03feafaeb 222864 debug extra python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl21y5NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkRhcQAJS6K4y95uri0gkviF0Nxhe3U9FI9TZKG84Y
KbJkMrHE4dsBXVQ0xIiTpJq4spZrM18WUuT/EbaR80DGIbrxOHqPS5gQDAP2T3AF
7ZOPuLIi0eOlLYkUBaS6VNpIxFW+Uc+5KGddX8AnDSz/kwU6miRM7fujXi0MSyc0
4p4YmGHdsez46ImHUzca466Ygc96vTqgm+4Ny0vz9SsTljry61qT3++ZV0BNfFu0
9q6mJTqsfYOtxtBveNr/xgm99bqhovaY+UrB1D+JL1S9iUEvQpbFNyKM2MDFWwEf
BHQj8EVKAwTkUsFNaaYoL9Pvock+Y8rmgpj9DuaV08Z89JA/OpAjxmcnxJoNrFkk
wMDEIgQb33pJS7hOyem9rf9HSly9B0SziBahGkvGAuItdD7/XVYZqWt7uIcChZ5A
M1WftDBAmohqOGMtzkBTc6jS4d0HO6EcSyyTe/VR6l5mI1waz5BGbMQRBJzS/Qcv
Fatl5RE6uBU5ykFkxpS9rBH0X+PsqwWLf2RKuePcKYrd+lNkiSN5BlPlBUorMDG+
11CFTDYy2ecMJtRW0KAl7PU5ZVueHRXJdyhUrlnymUNAus3p5bupQF32ffpRNOVg
6MGktZ8J3qKhtOcCIhrX1u2K3YxHg0DVnx6KX1GL7oXNofXroR+KmjzXCWxV1EUa
pe1msKdr
=MC3e
-----END PGP SIGNATURE-----