-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 22 Jul 2019 14:28:55 +0200 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.28-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-4610: Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2016-4609: Out-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2019-13117: An xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. * Fix CVE-2019-13118: A type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Checksums-Sha1: aa5240d20fc7fdfbccdb19ae503fedd3ff38909c 2554 libxslt_1.1.28-2+deb8u5.dsc 5d9ffef4479418f254545dbd59648e6ec4efaf89 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz 2888e99c3af44d7cc916bb588f5f9ad6d99d1ce2 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 4997eb9da7f12c1eab754a7ecfa1226b9719abe4 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb c70e6e9f9ba4a742f77e7da0ca8325b86dfac79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 1aaca9459be4d495fc749be484f46455d9ae9402 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb bc8edafe4cf996128dc07c5c1b52277ecfe4f373 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb a1a33e3b8a3b52920de69e830fa6f70bde6aa56b 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Checksums-Sha256: 07e3b5c407fe8b16a149016c644564f8fd8f5e028d23c0908b8342aeb29dc8ec 2554 libxslt_1.1.28-2+deb8u5.dsc b16233b1c69d3d46b0c5354e50e1bde721101ebd5af8b36797a076f4b60aa095 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz b8725bbac6039f3d3349ef9ce0b2d605a94d96e6c113b72136d986dbcf6dd1ed 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 2aaee466be04abdaeb2505bccafc5cc1ef45e27f26e2bc3e47cf17544d854c92 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb 3a0ac8cffde48a68e1c7d81337a02395b48abe86f3050739e7ee5ed56cb1f79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb aef7168c6243d5376457c01dec1b226f1527e2bec342afd1a99deaac48ce69a9 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb 16a9620dba9f4d9e267b5ef4fd6af5a58d746f7b5a34c1d1ffb6e9882df6ec9e 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb 0c99004aa2f250cc94519831260075857de76dd7233071c9222f96c6c0f5da3f 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Files: 8f5410d80471a408a166e90286a3fb2a 2554 text optional libxslt_1.1.28-2+deb8u5.dsc a71ce544bd4154da94c7a97beb5daf40 40992 text optional libxslt_1.1.28-2+deb8u5.debian.tar.xz fc9cabc797e42428784a010424ae3c7b 232996 libs optional libxslt1.1_1.1.28-2+deb8u5_amd64.deb df5e523058d21b2eec8e0e1ec958c0fe 513812 libdevel optional libxslt1-dev_1.1.28-2+deb8u5_amd64.deb df538b575fcbfccadf6a7ab2022dec4b 480192 debug extra libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 42a50d14da380f4fc48f715d58c93646 119062 text optional xsltproc_1.1.28-2+deb8u5_amd64.deb 0c0673ce58b900533946818465112c8d 139576 python optional python-libxslt1_1.1.28-2+deb8u5_amd64.deb 559f25ab7eca07a1152fbac3f0aa4d8e 222380 debug extra python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl01uQtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkqQkQAKohZX21KCGorNfYkCfPsjEvUptkxBlp0gEQ Y8JrYr6MTVaAd27Db2/Lgz6gf0KpO1fMKJ4KA0O6+r2fU3vGzMIcIWxZ8926ndT6 R+CJQL7clBgq27EY/cSpAhbxvKyzUuqpm758nNdRQbmfk4k8acx6fhMyM0AOVxMu HX8GgNl8vUi17XWEVPpBYwdzFMR4EQ6AhIo681UWaL+Ms2NX9C71f3I6QK6BVqib WaxXvCs+Ry/+o+oJ1stlc8t+V5/FxwhQpwQG5eb4M/5zj3W598Qv9VP7aiqqRMsL DUltiWNpHQVoAHLvfehYO9BzCx6qri8onPk8aqaovCSPO4+crwtgCtpLPZgX2tSA Ey9bWSRgZfQ80L0oWq7ScY41YcH+jPHl4/5/J2MJGwQlj1Odt5I1jDDcXDoK2dmz 3CLw6GOxNYdb4mHsziY4YoieSScLdC0Bbn5xzbLIY2EgRejCkHRVZlzNtwoPAwbM WPb/tziRiUsnyaQGQpRO4CeRJQis1P3is2bx/fQvhoNrqAa6UQyXzdR3p8eUTzjG wLqEOjhrLiM1fdGl7+zPCiRzc7fPZs1nYEGeBXE2SSii7M3X02Dcrd/d7olCsfwf qa5lz9dwQtqoUAlzRpKpKfhRpkU/H19zXiNqlmN+Bif1agttJFAphgySKvYUPTOq mx8ydohx =7eiB -----END PGP SIGNATURE-----
