Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted libxslt 1.1.34-4+deb11u3 (source) into oldoldstable-security
Date: Thu, 25 Sep 2025 04:50:22 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 24 Sep 2025 13:28:13 +0200
Source: libxslt
Architecture: source
Version: 1.1.34-4+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1108074 1109123
Changes:
 libxslt (1.1.34-4+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
 .
   [ Jochen Sprickerhof ]
   * CVE-2023-40403: Fix information disclosure with improved memory handling
     of generated-id() (closes: #1108074).
   * CVE-2025-7424: Fix type confusion in xmlNode.psvi between stylesheet and
     source nodes (closes: #1109123).
 .
   [ Guilhem Moulin ]
   * Fix backport of upstream change for issue #123 "generate-id() is
     non-deterministic".
   * d/patches: Drop unrelated upstream change ed11eaa9.
   * d/patches: Add DEP-3 headers for the patches added since 1.1.34-4+deb11u2.
   * Cherry-pick upstream recursion tests in EXSLT dynamic functions in
     preparation for the upcoming CVE-2025-9714/libxml2 fix.
   * Add d/salsa-ci.yml for Salsa CI.
Checksums-Sha1:
 ab10887354cf65eadc1c5713e451799ef6080c6f 2407 libxslt_1.1.34-4+deb11u3.dsc
 f1ecbe52f821fedabc43aa1120f98f0d6b737645 30680 libxslt_1.1.34-4+deb11u3.debian.tar.xz
 dd814fb357a4fd31f4872d219a29264fd741e4e1 7647 libxslt_1.1.34-4+deb11u3_amd64.buildinfo
Checksums-Sha256:
 a5b74a19c08446b5d29a7ec7b5d33aac88e7749cb5a88a5b2203a90e71539fc6 2407 libxslt_1.1.34-4+deb11u3.dsc
 ac56e9014a76af3171e97a3514f1ce9dc3856978391e1e82c89356eb4f900098 30680 libxslt_1.1.34-4+deb11u3.debian.tar.xz
 040c6e8da5c2fb16f24270b8bea415d9921c450154db36635f03103890dad9fe 7647 libxslt_1.1.34-4+deb11u3_amd64.buildinfo
Files:
 073a27c3e105bbbc61bc45a0fd4998e4 2407 text optional libxslt_1.1.34-4+deb11u3.dsc
 048cfccd072439aaf46fead1f0965f5e 30680 text optional libxslt_1.1.34-4+deb11u3.debian.tar.xz
 09095a5acbe97a24cd010d7a8a6ebc25 7647 text optional libxslt_1.1.34-4+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmjT1o4ACgkQ05pJnDwh
pVJgIQ//UtuPKq/T2y8O9kN/rTO47MZuAkDTYBAVzMAaLRbwzkL1pGi/qRxZlH/3
ND+5Lr1RT+5jP/F9W7wxFUhsQydAMWmVg8qudqvdks4KzjSFVypWFrOuN5S58hOp
fHxWLCuginRbDo/lTvzmBBOVrH9Weh2+MVqEG7gOKwpSJevu/FyWZDDFE0TB68BO
v08RRrqRZGUoWZjC3kDyUkkxmDGKBZjlpp6Ae1xm7bvpEeAhVCN6r+3E/TT56v3u
Ihf7BKkvGIJopP6glCK8W0TqOCu6FEFUarWedcWPOtoZZWugffyrd1E37MFr1GS+
8vPLb16nWnGPKiiNbv0amAp3eDXlD/30nJAq/7zS/qHJl7pAk90Yfk3QRY7EWPsw
ZL0m7nVn4yaS13xUPPPwKefOEwBRA3BDkMZ+OAXosTMbqxBFkDRqcsopL2RGWZmN
AkfaIH8w8ShrcfuiREnZxfCz0JZ+YZtJv9Y6rpWhNH5jgiChFq7j8PLip4eRCps4
iBkmkoeLWmn/V281BbyTFW1WA00878cdcugdSLhFS2MYhZEQBoZ/oiUBai/McTeb
0ArlKZNrVMb0+F6ykzGU5SL2JJeNteHZXjLgKvlQ3iCzHxXVyg4OIQ6n8B99ADAL
eSVE8n35WdZxf81zk4SCim/pVDiwehiP1prXDhI+/N8k/smMt4s=
=mryx
-----END PGP SIGNATURE-----

News for package libxslt