Debian Package Tracker
Register | Log in
Subscribe

libxslt

Choose email to subscribe with

general
  • source: libxslt (main)
  • version: 1.1.43-0.2
  • maintainer: Debian XML/SGML Group (archive) (DMD)
  • uploaders: Aron Xu [DMD] – YunQiang Su [DMD]
  • arch: any
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.1.34-4+deb11u1
  • o-o-sec: 1.1.34-4+deb11u2
  • oldstable: 1.1.35-1+deb12u1
  • old-sec: 1.1.35-1+deb12u1
  • stable: 1.1.35-1.2
  • testing: 1.1.35-1.2
  • unstable: 1.1.43-0.2
versioned links
  • 1.1.34-4+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.34-4+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.35-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.35-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.35-1.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.35-1.2+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.1.43-0.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libxslt1-dev (1 bugs: 0, 0, 1, 0)
  • libxslt1.1 (8 bugs: 0, 3, 5, 0)
  • xsltproc (8 bugs: 0, 5, 3, 0)
action needed
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Created: 2025-07-10 Last update: 2025-08-19 11:02
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Created: 2025-07-10 Last update: 2025-08-19 11:02
2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:
  • CVE-2025-7424: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
  • CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Created: 2025-08-09 Last update: 2025-08-19 11:02
2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:
  • CVE-2025-7424: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
  • CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Created: 2025-07-10 Last update: 2025-08-19 11:02
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Created: 2025-07-10 Last update: 2025-08-19 11:02
Depends on packages which need a new maintainer normal
The packages that libxslt depends on which need a new maintainer are:
  • docbook-xsl (#802370)
    • Build-Depends: docbook-xsl
Created: 2023-09-01 Last update: 2025-08-19 08:00
lintian reports 5 warnings normal
Lintian reports 5 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2025-08-18 Last update: 2025-08-18 23:00
3 new commits since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit 9fd995014a41edbd0d2b8d25b8b0f3224901348f
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Mon Apr 3 10:08:02 2023 +0000

    Set upstream metadata fields: Repository.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-missing-repository
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-repository.html

commit b3c4bb5ae32f9860f483557e1d40030d1dcddbc8
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Thu Oct 20 02:55:06 2022 +0000

    Set upstream metadata fields: Bug-Database, Bug-Submit, Name (from ./configure), Repository-Browse.
    
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
    See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
    Fixes: lintian: upstream-metadata-missing-bug-tracking
    See-also: https://lintian.debian.org/tags/upstream-metadata-missing-bug-tracking.html

commit 8d86a492ce3d51c875fae0c4ed0529d5f9576867
Author: Debian Janitor <janitor@jelmer.uk>
Date:   Thu Oct 20 02:54:55 2022 +0000

    Bump debhelper from old 12 to 13.
    + debian/rules: Drop --fail-missing argument to dh_missing, which is now the default.
    
    Changes-By: lintian-brush
    Fixes: lintian: package-uses-old-debhelper-compat-version
    See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html
Created: 2024-09-25 Last update: 2025-08-18 15:33
debian/patches: 5 patches to forward upstream low

Among the 5 debian patches available in version 1.1.43-0.2 of the package, we noticed the following issues:

  • 5 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-08-18 22:31
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).
Created: 2020-11-17 Last update: 2025-08-18 18:33
testing migrations
  • excuses:
    • Migration status for libxslt (1.1.35-1.2 to 1.1.43-0.2): Waiting for test results or another package, or too young (no action required now - check later)
    • Issues preventing migration:
    • ∙ ∙ Too young, only 1 of 5 days old
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libx/libxslt.html
    • ∙ ∙ autopkgtest for libreoffice/4:25.2.3-2: armel: Pass, armhf: Failed (not a regression)
    • ∙ ∙ Waiting for reproducibility test results on amd64 - info ♻
    • ∙ ∙ Waiting for reproducibility test results on arm64 - info ♻
    • Not considered
news
[rss feed]
  • [2025-08-19] Accepted libxslt 1.1.35-1.2+deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Aron Xu)
  • [2025-08-19] Accepted libxslt 1.1.35-1+deb12u2 (source) into oldstable-security (Debian FTP Masters) (signed by: Aron Xu)
  • [2025-08-18] Accepted libxslt 1.1.43-0.2 (source) into unstable (Matthias Klose)
  • [2025-08-14] Accepted libxslt 1.1.43-0.1 (source) into unstable (Matthias Klose)
  • [2025-08-13] Accepted libxslt 1.1.35-2 (source) into unstable (Aron Xu)
  • [2025-05-20] Accepted libxslt 1.1.43-0exp1 (source) into experimental (Matthias Klose)
  • [2025-03-27] Accepted libxslt 1.1.35-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-03-24] Accepted libxslt 1.1.34-4+deb11u2 (source) into oldstable-security (Adrian Bunk)
  • [2025-03-23] Accepted libxslt 1.1.35-1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-03-23] libxslt 1.1.35-1.2 MIGRATED to testing (Debian testing watch)
  • [2025-03-17] Accepted libxslt 1.1.35-1.2 (source) into unstable (Salvatore Bonaccorso)
  • [2024-07-14] libxslt 1.1.35-1.1 MIGRATED to testing (Debian testing watch)
  • [2024-07-09] Accepted libxslt 1.1.35-1.1 (source) into unstable (Andreas Metzler)
  • [2024-02-28] Accepted libxslt 1.1.39-0exp1 (source) into experimental (Aron Xu)
  • [2022-09-09] Accepted libxslt 1.1.32-2.2~deb10u2 (source) into oldstable (Emilio Pozuelo Monfort)
  • [2022-08-26] Accepted libxslt 1.1.34-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2022-08-24] Accepted libxslt 1.1.34-4+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2022-07-20] libxslt 1.1.35-1 MIGRATED to testing (Debian testing watch)
  • [2022-07-15] Accepted libxslt 1.1.35-1 (source) into unstable (Mattia Rizzolo)
  • [2020-03-09] libxslt 1.1.34-4 MIGRATED to testing (Debian testing watch)
  • [2020-03-04] Accepted libxslt 1.1.34-4 (source) into unstable (Mattia Rizzolo)
  • [2020-02-29] libxslt 1.1.34-3 MIGRATED to testing (Debian testing watch)
  • [2020-02-22] Accepted libxslt 1.1.34-3 (source) into unstable (Mattia Rizzolo)
  • [2020-02-21] Accepted libxslt 1.1.34-2 (source) into unstable (Mattia Rizzolo)
  • [2019-12-07] Accepted libxslt 1.1.29-2.1+deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
  • [2019-11-25] Accepted libxslt 1.1.34-1 (source) into experimental (Mattia Rizzolo)
  • [2019-11-09] Accepted libxslt 1.1.32-2.2~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
  • [2019-11-04] libxslt 1.1.32-2.2 MIGRATED to testing (Debian testing watch)
  • [2019-10-29] Accepted libxslt 1.1.32-2.2 (source) into unstable (Salvatore Bonaccorso)
  • [2019-10-27] Accepted libxslt 1.1.28-2+deb8u6 (source amd64) into oldoldstable (Markus Koschany)
  • 1
  • 2
bugs [bug history graph]
  • all: 19
  • RC: 0
  • I&N: 10
  • M&W: 9
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 5)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.1.43-0.1
  • 10 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing