-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 27 Oct 2019 17:44:26 +0100 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.28-2+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-18197: In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Checksums-Sha1: 27736ef618a2034bf2d340688c86a01e8b9b5049 2554 libxslt_1.1.28-2+deb8u6.dsc a1de958ba0919012bdf478ee7acc1f837499a375 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz c6f15f7860b041925e8be0c6c1ba53e66b79795d 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb ee2bcfad75a1237204d15787c333c243cc1040ea 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb 659451ea317913741efe0e60fa6abf7ebe9544e3 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 285a252b0eec60346360d7ce2349781aacaa4360 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb 0c110158a0b05b699a0f2bf2a01c8acdd1360f02 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb 58f27c0eb646aaefdc11949ca1ce0e2b22a6c9f9 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb Checksums-Sha256: ff3073e4ee00c3b3a43867e65c69886c104ce71cd02d0960610345a00f974e66 2554 libxslt_1.1.28-2+deb8u6.dsc 43c944cc8671b1ba89b34d385629baa276cf5d58d48d5c70403ec4b95e564658 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz a284c91b5b876b35fe7152353df107bba126673d156d709659cfd15b907bf990 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb 041a1958f91625d0ae71dd7934338a974875be72c8a984a10697f1c3cb4b919b 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb 2ab2ca73479f03c3c572a830563d4e45db694516a236ba7b287e8559fd62348c 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 126d4902b9f5622954375e908f529c584eada5d10ed8d1a1b9c5d25bb7b9468e 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb ddf0e756c751addc4f8de2a5f3346941ca70f4fb9af43f2d8dc224705719b72d 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb b9a6d0d15acbc4a02dedb3d26036a6f0c51bb758d073cab9d533f6cd306828a8 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb Files: 4d2741b8d87e42b59094e44bc1a83f46 2554 text optional libxslt_1.1.28-2+deb8u6.dsc cc37248dea1a862092ddd36c7ca73cc5 41288 text optional libxslt_1.1.28-2+deb8u6.debian.tar.xz 6e21e70fbe49d4753aa86444bcd3f725 233156 libs optional libxslt1.1_1.1.28-2+deb8u6_amd64.deb fd6cc2b93fa155a7d938de6f192f8596 514292 libdevel optional libxslt1-dev_1.1.28-2+deb8u6_amd64.deb f620d248360640944af89b6ac450377a 480752 debug extra libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 34e4abf0dc8cd46c9fd5d78dae487807 119342 text optional xsltproc_1.1.28-2+deb8u6_amd64.deb 65a56c7dba6349e357813deebc632e6b 139478 python optional python-libxslt1_1.1.28-2+deb8u6_amd64.deb f24ea6c31c82238a292ef6f03feafaeb 222864 debug extra python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl21y5NfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkRhcQAJS6K4y95uri0gkviF0Nxhe3U9FI9TZKG84Y KbJkMrHE4dsBXVQ0xIiTpJq4spZrM18WUuT/EbaR80DGIbrxOHqPS5gQDAP2T3AF 7ZOPuLIi0eOlLYkUBaS6VNpIxFW+Uc+5KGddX8AnDSz/kwU6miRM7fujXi0MSyc0 4p4YmGHdsez46ImHUzca466Ygc96vTqgm+4Ny0vz9SsTljry61qT3++ZV0BNfFu0 9q6mJTqsfYOtxtBveNr/xgm99bqhovaY+UrB1D+JL1S9iUEvQpbFNyKM2MDFWwEf BHQj8EVKAwTkUsFNaaYoL9Pvock+Y8rmgpj9DuaV08Z89JA/OpAjxmcnxJoNrFkk wMDEIgQb33pJS7hOyem9rf9HSly9B0SziBahGkvGAuItdD7/XVYZqWt7uIcChZ5A M1WftDBAmohqOGMtzkBTc6jS4d0HO6EcSyyTe/VR6l5mI1waz5BGbMQRBJzS/Qcv Fatl5RE6uBU5ykFkxpS9rBH0X+PsqwWLf2RKuePcKYrd+lNkiSN5BlPlBUorMDG+ 11CFTDYy2ecMJtRW0KAl7PU5ZVueHRXJdyhUrlnymUNAus3p5bupQF32ffpRNOVg 6MGktZ8J3qKhtOcCIhrX1u2K3YxHg0DVnx6KX1GL7oXNofXroR+KmjzXCWxV1EUa pe1msKdr =MC3e -----END PGP SIGNATURE-----