-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Jun 2016 19:27:31 +0200 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source Version: 1.1.28-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 802971 Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix for type confusion in preprocessing attributes (CVE-2015-7995) (Closes: #802971) * Always initialize EXSLT month and day to 1 * Fix use-after-free in xsltDocumentFunctionLoadDocument * Fix xsltNumberFormatGetMultipleLevel (CVE-2016-1683) * Round xsl:number values to nearest integer * Handle negative xsl:number values * Lower bound for format token "a" * Lower and upper bound for format token "i" (CVE-2016-1684) * Fix double free in libexslt hash functions * Fix buffer overflow in exsltDateFormat * Fix OOB heap read in xsltExtModuleRegisterDynamic Checksums-Sha1: 3d1739f99b19b9b50d0f47cf929a33cc18e08e4e 2389 libxslt_1.1.28-2+deb8u1.dsc 4df177de629b2653db322bfb891afa3c0d1fa221 3435907 libxslt_1.1.28.orig.tar.gz b0a2c6b9b6e9873609a18205fbdc970252ef5f1d 37208 libxslt_1.1.28-2+deb8u1.debian.tar.xz Checksums-Sha256: d084d58d3f25cea908acf99a26bf79a6aa4d03ebd94ec3cccb3d427175ed0c80 2389 libxslt_1.1.28-2+deb8u1.dsc 5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c 3435907 libxslt_1.1.28.orig.tar.gz 11a8ec5df714a2ac1a55776b1baede5d0612a29b7c5ab6cbbda22d1d49801655 37208 libxslt_1.1.28-2+deb8u1.debian.tar.xz Files: 99de136e9b5c09c32a01a92acee05b44 2389 text optional libxslt_1.1.28-2+deb8u1.dsc 9667bf6f9310b957254fdcf6596600b7 3435907 text optional libxslt_1.1.28.orig.tar.gz 88f9b562443b447fa3f386f5348917fc 37208 text optional libxslt_1.1.28-2+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXZYYxAAoJEAVMuPMTQ89E8ogP+wfZu0WOpdzKN+FRbxfaYNcB wHmo2PliIm0ctbr1aL6pgS3Ei20II7gwGOeA7OzWiJllRZb5KtDP4QuGzaV/L95v W6P4R7KFrUw5m9Z60b6VL8USQLNe0CTfgbJu9ZJHJBWaEiGfJoiaai4bg4jwF1VB bGJdXydNpyzyC6L6TahyNgXI5plOMBy9Lai/dBqva78lrN236e+IWEi+tHRSwuCu 6JvCdxY/llvVg+bcGErmBk4h6xN/jyd4CxTh7M4SuYhj+yvNxNbc98dEUOey5fuU Gfy1NeYYQfggV6tILVUzY9476PZOOS6dcg9622XVshp/ZquYX3MrtUQHHdMJzEv+ srwS1PPsTGh+xcnDodsrPEJkmvCIf6Ks5y+vgJ/wVtNA8XfrpYmXmcnSX5mlM09m VCcWPPhXsDHzixaL/iGG31O1W6KjHYnQcQDc2afrML5DdS8aIJC+iPSHA+sHtSo6 dS8k9cI/l/fJQ7Tw7H5CLZhd9jq89x9EkHp6JbQ0yXsjdHBMNNSo7wqlQSLIHKLq 4lRO1YdVtQIOi5A51gcApPn7jiElVDjk1MHtW7jvnuBYvh/m1rrHAd4R9ieAzSuZ Sgw8rPFRCoJvS347l+5pmI08Tj1JdTS4y5ouu0/fQxXVNxZhFBuK4t7xBgIGzvV4 Qk3sN4gKjqO+SPmHHKlg =au3v -----END PGP SIGNATURE-----