Change log for libxslt package in Ubuntu
| 1 → 50 of 96 results | First • Previous • Next • Last |
libxslt (1.1.34-4ubuntu0.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2021-30560.patch: fix use after free
in xsltApplyTemplates in libxslt/transform.c.
- CVE-2021-30560
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 08:44:36 -0300
Available diffs
libxslt (1.1.34-4ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2021-30560.patch: fix use after free
in xsltApplyTemplates in libxslt/transform.c.
- CVE-2021-30560
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 08:47:30 -0300
Available diffs
libxslt (1.1.29-5ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Potential heap corruption
- debian/patches/CVE-2019-5815.patch: always set
context mode before calling XPath iterators in
libxslt/numbers.c, test/docs/bug-218.xml,
tests/general/bug-128.out, tests/geral/bug-218.xsl.
- CVE-2019-5815
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2021-30560.patch: fix use after free
in xsltApplyTemplates in libxslt/transform.c.
- CVE-2021-30560
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 18 Aug 2022 10:04:19 -0300
Available diffs
| Published in noble-release |
| Published in mantic-release |
| Published in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libxslt (1.1.35-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.1.35.
* Refresh patches.
* Update Homepage and d/watch to point to the new GNOME-based home
* d/*.doc-base: rename the document name, it shouldn't match the binary
package name.
* Install the new gtk-doc documentation.
* Do not install the .cmake file that come with the new version.
-- Mattia Rizzolo <email address hidden> Fri, 15 Jul 2022 15:29:07 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
libxslt (1.1.34-4build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Thu, 24 Mar 2022 17:15:44 +0100
Available diffs
| Superseded in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
| Deleted in impish-proposed (Reason: Moved ot jammy) |
libxslt (1.1.34-4build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:19:57 +0200
Available diffs
- diff from 1.1.34-4 (in Debian) to 1.1.34-4build1 (321 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Obsolete in hirsute-release |
| Obsolete in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
libxslt (1.1.34-4) unstable; urgency=medium
* Team upload.
* Add patch to make the xslt-config script compatible with multi-arch.
Closes: #952768
-- Mattia Rizzolo <email address hidden> Wed, 04 Mar 2020 14:02:32 +0100
Available diffs
- diff from 1.1.34-3 to 1.1.34-4 (1.6 KiB)
libxslt (1.1.34-3) unstable; urgency=medium
* Team upload.
* Add a patch to fix FTBFS when built twice in a row. Closes: #947914
(Add build-dependency on docbook-xsl for this.)
-- Mattia Rizzolo <email address hidden> Sat, 22 Feb 2020 15:28:46 +0100
Available diffs
libxslt (1.1.34-1ubuntu1) focal; urgency=medium * Restore the xslt-config script. -- Matthias Klose <email address hidden> Tue, 18 Feb 2020 16:46:45 +0100
Available diffs
libxslt (1.1.33-0ubuntu3) focal; urgency=medium * python-libxslt1-dbg: Depend on python2-dbg instead of python-dbg. -- Matthias Klose <email address hidden> Thu, 09 Jan 2020 14:04:09 +0100
Available diffs
- diff from 1.1.33-0ubuntu2 to 1.1.33-0ubuntu3 (461 bytes)
libxslt (1.1.33-0ubuntu2) focal; urgency=medium * No-change rebuild to generate dependencies on python2. -- Matthias Klose <email address hidden> Tue, 17 Dec 2019 12:36:00 +0000
Available diffs
- diff from 1.1.33-0ubuntu1 to 1.1.33-0ubuntu2 (324 bytes)
libxslt (1.1.34-1) experimental; urgency=medium
* Team upload.
* New upstream version 1.1.34.
* Refresh patches
* d/libxslt1.1.symbols: Add new symbols.
* d/control:
+ Bump debhelper compat level to 12.
+ Bump Standards-Version to 4.4.1, no changes needed.
* Stop building and installing the static library.
* Stop installing xslt-config, please use pkg-config.
* Drop Python2 packages. (Closes: #936942)
* Make use of dh_missing --fail-missing:
+ Leave the docs files where the upstream build system put them, and just
move them into the right package. All the documentation was this way
moved into an extra html/ directory.
+ Installs files in a way that lets dh_missing detect them as installed.
+ d/not-installed: list xslt-config.
-- Mattia Rizzolo <email address hidden> Mon, 25 Nov 2019 19:22:08 +0100
Available diffs
libxslt (1.1.33-0ubuntu1.1) eoan-security; urgency=medium
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2019-18197.patch: Fix dangling
pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 09:31:42 -0300
Available diffs
libxslt (1.1.32-2ubuntu0.2) disco-security; urgency=medium
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13117.patch: Fix uninitialized
read of xsl:number token in libxslt/numbers.c.
- CVE-2019-13117
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13118.patch: Fix uninitialized
read with UTF-8 grouping chars in libxslt/numbers.c,
tests/docs/bug-222.xml, tests/general/bug-222.out,
tests/general/bug-222.xsl.
- CVE-2019-13118
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2019-18197.patch: Fix dangling
pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 09:40:11 -0300
Available diffs
libxslt (1.1.28-2.1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13117.patch: Fix uninitialized
read of xsl:number token in libxslt/numbers.c.
- CVE-2019-13117
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13118.patch: Fix uninitialized
read with UTF-8 grouping chars in libxslt/numbers.c,
tests/docs/bug-222.xml, tests/general/bug-222.out,
tests/general/bug-222.xsl.
- CVE-2019-13118
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2019-18197.patch: Fix dangling
pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 09:57:55 -0300
Available diffs
libxslt (1.1.29-5ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13117.patch: Fix uninitialized
read of xsl:number token in libxslt/numbers.c.
- CVE-2019-13117
* SECURITY UPDATE: Uninitialized read
- debian/patches/CVE-2019-13118.patch: Fix uninitialized
read with UTF-8 grouping chars in libxslt/numbers.c,
tests/docs/bug-222.xml, tests/general/bug-222.out,
tests/general/bug-222.xsl.
- CVE-2019-13118
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2019-18197.patch: Fix dangling
pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 09:52:39 -0300
Available diffs
libxslt (1.1.26-8ubuntu1.6) precise-security; urgency=medium
* SECURITY UPDATE: Uninitialized read
Fix uninitialized
read of xsl:number token in libxslt/numbers.c.
- CVE-2019-13117
* SECURITY UPDATE: Uninitialized read
Fix uninitialized
read with UTF-8 grouping chars in libxslt/numbers.c,
tests/docs/bug-222.xml, tests/general/bug-222.out,
tests/general/bug-222.xsl.
- CVE-2019-13118
* SECURITY UPDATE: Buffer over-read
Fix dangling
pointer in xsltCopyText in libxslt/transform.c.
- CVE-2019-18197
-- <email address hidden> (Leonidas S. Barbosa) Tue, 22 Oct 2019 10:19:03 -0300
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
libxslt (1.1.33-0ubuntu1) eoan; urgency=medium
* New upstream version
* debian/patches/0003-fix-typo.patch:
- removed, fixed in the new version
-- Sebastien Bacher <email address hidden> Tue, 27 Aug 2019 18:01:01 +0300
Available diffs
libxslt (1.1.32-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
* Fix uninitialized read of xsl:number token (CVE-2019-13117)
(Closes: #931321, #933743)
* Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
(Closes: #931320, #933743)
-- Salvatore Bonaccorso <email address hidden> Sun, 04 Aug 2019 08:14:05 +0200
Available diffs
libxslt (1.1.28-2ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: Bypass of protection mechanism
- debian/patches/CVE-2019-11068.patch: Fix security
framework bypass checking for returns equal or less
-1 in libxslt/documents.c, libxslt/imports.c,
libxslt/transform.c,libxslt/xslt.c.
- CVE-2019-11068
-- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 14:10:20 -0300
Available diffs
libxslt (1.1.28-2.1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Bypass of protection mechanism
- debian/patches/CVE-2019-11068.patch: Fix security
framework bypass checking for returns equal or less
-1 in libxslt/documents.c, libxslt/imports.c,
libxslt/transform.c,libxslt/xslt.c.
- CVE-2019-11068
-- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 14:03:06 -0300
Available diffs
libxslt (1.1.29-5ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Bypass of protection mechanism
- debian/patches/CVE-2019-11068.patch: Fix security
framework bypass checking for returns equal or less
-1 in libxslt/documents.c, libxslt/imports.c,
libxslt/transform.c,libxslt/xslt.c.
- CVE-2019-11068
-- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 13:56:36 -0300
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
| Obsolete in cosmic-updates |
| Obsolete in cosmic-security |
libxslt (1.1.32-2ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Bypass of protection mechanism
- debian/patches/CVE-2019-11068.patch: Fix security
framework bypass checking for returns equal or less
-1 in libxslt/documents.c, libxslt/imports.c,
libxslt/transform.c,libxslt/xslt.c.
- CVE-2019-11068
-- <email address hidden> (Leonidas S. Barbosa) Fri, 12 Apr 2019 13:44:12 -0300
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
libxslt (1.1.32-2) unstable; urgency=medium * Team upload. * Add missing Build-Depends on pkg-config. -- Mattia Rizzolo <email address hidden> Sat, 26 May 2018 23:12:37 +0200
Available diffs
- diff from 1.1.29-5 to 1.1.32-2 (127.4 KiB)
- diff from 1.1.32-1 to 1.1.32-2 (414 bytes)
libxslt (1.1.32-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.1.32.
* d/patches:
+ Remove patches applied upstream.
+ Rebase the remaining patches.
* Drop old debian/TODO file.
* d/rules: include workaround that should make the package build on kfreebsd.
Closes: #840096
* d/control:
+ Bump Standards-Version to 4.1.4, no changes needed.
+ Move Vcs-* to salsa.debian.org.
* d/libxslt1.1.symbols:
+ Add new symbols added in this release.
+ Remove symbols that were accidentally exported in previous releases.
* Bump debhelper compat level to 11.
* Drop the libxslt1-dbg package in favour of automatic dbgsym packages.
-- Mattia Rizzolo <email address hidden> Sat, 26 May 2018 14:47:56 +0200
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
libxslt (1.1.29-5) unstable; urgency=medium * Team upload. * Refresh patches using Gbp Pq. * Add patch from upstream to fix FTBFS in ia64. Closes: #881818 * Declare that libxslt can be built without root, R³:no. -- Mattia Rizzolo <email address hidden> Wed, 15 Nov 2017 16:27:00 +0100
Available diffs
- diff from 1.1.29-4 to 1.1.29-5 (6.5 KiB)
libxslt (1.1.29-4) unstable; urgency=medium * Team upload. * Upload to unstable. * Add patch from upstream to fix FTBFS with glibc 2.26. Closes: #880038 -- Mattia Rizzolo <email address hidden> Sun, 05 Nov 2017 13:36:40 +0100
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
libxslt (1.1.29-2.1ubuntu1) artful; urgency=medium
* Add rename build-dependency.
* Stop unconditionally including xlocale.h header in xsltlocale.h as it
is no longer shipped by glibc2.26. Ideally existing autoconf checks
should be used to generate xsltlocale.h with or without xlocale.h
include. LP: #1715599
-- Dimitri John Ledkov <email address hidden> Thu, 07 Sep 2017 11:43:06 +0100
Available diffs
libxslt (1.1.26-8ubuntu1.4) precise-security; urgency=medium
* SECURITY UPDATE: type-confusion leading to denial of service
- libxslt/preproc.c: check that the parent node is an element
before dereferencing its namespace
- 7ca19df892ca22d9314e95d59ce2abdeff46b617
- CVE-2015-7955
* SECURITY UPDATE: out-of-bounds heap memory access
- libxslt/numbers.c: precompile patterns in xsl:number (prereq),
special case namespace nodes in xsltNumberFormatGetMultipleLevel
libxslt/preproc.c, numbersInternals.h: precompile patterns
in xsl:number (prereq change)
tests/docs/bug-186*: add testcase
- Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
102099fb3bc0b29ede7dadc6388337ef4de59a74
- d182d8f6ba3071503d96ce17395c9d55871f0242
- CVE-2016-1683
* SECURITY UPDATE: integer overflow
- libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
format tokens
- 91d0540ac9beaa86719a05b749219a69baa0dd8d
- 405034286fbdd6166229335b7203a41bf53b40fc
- CVE-2016-1684
* SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
- libxslt/functions.c: adjust xmlFree() call
tests/docs/bug-185*, tests/general/bug-185*: add test csses
- fc1ff481fd01e9a65a921c542fed68d8c965e8a3
- CVE-2016-1841
* SECURITY UPDATE: heap information leak
- libxslt/numbers.c: check for empty decimal separator.
- eb1030de31165b68487f288308f9d1810fed6880
- CVE-2016-4738
* SECURITY UPDATE: integer overflow in libxslt.
- libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
in xsltAddTextString to INT_MAX.
- 08ab2774b870de1c7b5a48693df75e8154addae5
- CVE-2017-5029
* SECURITY UPDATE: double free in hash functions
- libexslt/crypto.c: remove duplicate free calls
- d8862309f08054218b28e2c8f5fb3cb2f650cac7
* SECURITY UPDATE: NULL pointer dereference in Saxon
- libexslt/saxon.c: fix error handling in Saxon extension functions
configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
add test cases
- ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
* SECURITY UPDATE: out-of-bounds heap memory access
- libexslt/dynamic.c: use correct type for namespace nodes in
exsltDynMapFunction
tests/exslt/dynamic/dynmap*: add testcase
- 93bb314768aafaffad1df15bbee10b7c5423e283
* SECURITY UPDATE: out-of-bounds heap read memory access
- libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
add test case
- 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
* SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
- libexslt/date.c: make stack buffer larger
- 5d0c6565bab5b9b7efceb33b626916d22b4101a7
* SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
- libxslt/extensions.c: correct stripping of unwanted characters
- 87c3d9ea214fc0503fd8130b6dd97431d69cc066
-- Steve Beattie <email address hidden> Thu, 27 Apr 2017 10:58:44 -0700
Available diffs
libxslt (1.1.29-2ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: integer overflow in libxslt.
- debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
xsltAddTextString to INT_MAX.
- CVE-2017-5029
-- Steve Beattie <email address hidden> Tue, 25 Apr 2017 15:30:38 -0700
Available diffs
libxslt (1.1.29-1ubuntu0.1) yakkety-security; urgency=medium
* SECURITY UPDATE: heap information leak
- debian/patches/0007-CVE-2017-4738.patch: check for empty
decimal separator.
- CVE-2017-4738
* SECURITY UPDATE: integer overflow in libxslt.
- debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
xsltAddTextString to INT_MAX.
- CVE-2017-5029
-- Steve Beattie <email address hidden> Tue, 25 Apr 2017 22:57:22 -0700
Available diffs
libxslt (1.1.28-2.1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: out-of-bounds heap memory access
- debian/patches/0010-CVE-2016-1683.patch: special case namespace
nodes in xsltNumberFormatGetMultipleLevel
- CVE-2016-1683
* SECURITY UPDATE: integer overflow
- debian/patches/0011-CVE-2016-1684-1.patch,
debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
bounds for 'i' and 'a' format tokens
- CVE-2016-1684
* SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
- debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
- CVE-2016-1841
* SECURITY UPDATE: heap information leak
- debian/patches/0014-CVE-2016-4738.patch: check for empty
decimal separator.
- CVE-2016-4738
* SECURITY UPDATE: integer overflow in libxslt.
- debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
xsltAddTextString to INT_MAX.
- CVE-2017-5029
* SECURITY UPDATE: double free in hash functions
- 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
remove duplicate free calls
* SECURITY UPDATE: NULL pointer dereference in Saxon
- 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
fix error handling in Saxon extension functions
* SECURITY UPDATE: out-of-bounds heap memory access
- 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
correct type for namespace nodes in exsltDynMapFunction
* SECURITY UPDATE: out-of-bounds heap read memory access
- 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
do not pass namespace "nodes" to xmlGetLineNo
* SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
- 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
make stack buffer larger
* SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
- 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
correct stripping of unwanted characters
-- Steve Beattie <email address hidden> Tue, 25 Apr 2017 23:38:39 -0700
Available diffs
libxslt (1.1.28-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: type-confusion leading to denial of service
- debian/patches/0009-CVE-2015-7955.patch: check that the parent
node is an element before dereferencing its namespace
- CVE-2015-7955
* SECURITY UPDATE: out-of-bounds heap memory access
- debian/patches/0010-CVE-2016-1683.patch: special case namespace
nodes in xsltNumberFormatGetMultipleLevel
- CVE-2016-1683
* SECURITY UPDATE: integer overflow
- debian/patches/0011-CVE-2016-1684-1.patch,
debian/patches/0012-CVE-2016-1684-2.patch: add lower and upper
bounds for 'i' and 'a' format tokens
- CVE-2016-1684
* SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
- debian/patches/0013-CVE-2016-1841.patch: adjust xmlFree() call
- CVE-2016-1841
* SECURITY UPDATE: heap information leak
- debian/patches/0014-CVE-2016-4738.patch: check for empty
decimal separator.
- CVE-2016-4738
* SECURITY UPDATE: integer overflow in libxslt.
- debian/patches/0015-CVE-2017-5029.patch: limit buffer size in
xsltAddTextString to INT_MAX.
- CVE-2017-5029
* SECURITY UPDATE: double free in hash functions
- 0016-Fix-double-free-in-libexslt-hash-functions-d8862309f0.patch:
remove duplicate free calls
* SECURITY UPDATE: NULL pointer dereference in Saxon
- 0017-Fix-error-handling-in-Saxon-extension-functions-ef7429bb4.patch:
fix error handling in Saxon extension functions
* SECURITY UPDATE: out-of-bounds heap memory access
- 0018-Fix-dyn-map-with-namespace-nodes-93bb3147.patch: use
correct type for namespace nodes in exsltDynMapFunction
* SECURITY UPDATE: out-of-bounds heap read memory access
- 0019-Fix-saxon-line-number-with-namespace-nodes-8b90c9a6.patch:
do not pass namespace "nodes" to xmlGetLineNo
* SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
- 0020-Fix-buffer-overflow-in-exsltDateFormat-5d0c6565b.patch:
make stack buffer larger
* SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
- 0021-Fix-OOB-heap-read-in-xsltExtModuleRegisterDynamic-87c3d9ea.patch:
correct stripping of unwanted characters
-- Steve Beattie <email address hidden> Wed, 26 Apr 2017 16:34:05 -0700
Available diffs
libxslt (1.1.29-2.1) unstable; urgency=high
* Non-maintainer upload.
* Check for integer overflow in xsltAddTextString (CVE-2017-5029)
(Closes: #858546)
-- Salvatore Bonaccorso <email address hidden> Sun, 26 Mar 2017 19:44:01 +0200
Available diffs
- diff from 1.1.29-2 to 1.1.29-2.1 (1.5 KiB)
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
libxslt (1.1.29-2) unstable; urgency=high
* Team upload.
* Bump debhelper compat level to 10.
+ --parallel is now default
+ --with autoreconf is now default
* Add patch from upstream to fix a heap overread which could cause remote
arbitrary code execution or denial of service.
Closes: #842570 — CVE-2016-4738
-- Mattia Rizzolo <email address hidden> Sun, 30 Oct 2016 14:01:00 +0000
Available diffs
- diff from 1.1.29-1 to 1.1.29-2 (1.3 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
libxslt (1.1.29-1) unstable; urgency=medium * Imported Upstream version 1.1.29 (Closes: #826446) * Remove patches which have been merged upstream * Remove plugin option in xslt-config as it has arch-dep string * Link libxslt with libm (Closes: #801989, #721602) * Add --parallel in debian/rules. -- YunQiang Su <email address hidden> Wed, 17 Aug 2016 15:30:11 +0800
Available diffs
- diff from 1.1.28-4 to 1.1.29-1 (329.1 KiB)
libxslt (1.1.28-4) unstable; urgency=medium * Team upload. * Replace the SOURCE_DATE_EPOCH patch with the one actually committed upstream -- Mattia Rizzolo <email address hidden> Fri, 20 May 2016 09:33:00 +0000
Available diffs
- diff from 1.1.28-3 to 1.1.28-4 (1.9 KiB)
libxslt (1.1.28-3) unstable; urgency=medium
[ Gianfranco Costamagna ]
* Team upload.
* Upload to unstable.
* Bump std-version to 3.9.8.
* Acknowledge previous NMU, thanks carnil!
* Add dh-python to build-depends
[ Jérémy Bobbio ]
* Add a patch from upstream to make generate-id() provide stable IDs.
Thanks to Daniel Veillard. Closes: #823857
[ Dhole ]
* Honour SOURCE_DATE_EPOCH when embedding timestamps in docs. Closes: #791815
[ Mattia Rizzolo ]
* Run wrap-and-sort.
* Use HTTPS in Vcs-* fields.
-- Mattia Rizzolo <email address hidden> Mon, 09 May 2016 20:18:36 +0000
Available diffs
- diff from 1.1.28-2.1 to 1.1.28-3 (4.4 KiB)
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
libxslt (1.1.28-2.1) unstable; urgency=high
* Non-maintainer upload.
* Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
CVE-2015-7995: Type confusion in preprocessing attributes leading to
denial of service. (Closes: #802971)
-- Salvatore Bonaccorso <email address hidden> Fri, 30 Oct 2015 08:46:43 +0100
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
libxslt (1.1.28-2build2) vivid; urgency=medium * No-change rebuild for the libgcrypt20 transition. -- Adam Conrad <email address hidden> Fri, 27 Mar 2015 06:17:04 -0600
Available diffs
- diff from 1.1.28-2build1 to 1.1.28-2build2 (349 bytes)
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
libxslt (1.1.28-2build1) trusty; urgency=medium * Rebuild to drop files installed into /usr/share/pyshared. -- Matthias Klose <email address hidden> Sun, 23 Feb 2014 13:48:33 +0000
Available diffs
- diff from 1.1.28-2 (in Debian) to 1.1.28-2build1 (333 bytes)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
libxslt (1.1.28-2) unstable; urgency=low
* debian/patches/000[4-8].patch:
Upstream post release patches.
-- Aron Xu <email address hidden> Thu, 01 Aug 2013 13:55:48 +0800
Available diffs
libxslt (1.1.28-1ubuntu1) saucy; urgency=low * Resynchronize on Debian, remaining ubuntu difference: * 0004-fix-python-multiarch-include.patch: fix for multiarch python version
Available diffs
- diff from 1.1.27-1ubuntu2 to 1.1.28-1ubuntu1 (30.8 KiB)
libxslt (1.1.22-1ubuntu1.4) hardy-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- libxslt/functions.c, libxslt/keys.c: check for empty values
tests/*: add tests
- dc11b6b379a882418093ecc8adf11f6166682e8d
- 6c99c519d97e5fcbec7a9537d190efb442e4e833
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:11:19 -0400
Available diffs
libxslt (1.1.26-1ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- libxslt/functions.c, libxslt/keys.c: check for empty values
tests/*: add tests
- dc11b6b379a882418093ecc8adf11f6166682e8d
- 6c99c519d97e5fcbec7a9537d190efb442e4e833
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:09:03 -0400
Available diffs
libxslt (1.1.26-7ubuntu0.2) oneiric-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- libxslt/functions.c, libxslt/keys.c: check for empty values
tests/*: add tests
- dc11b6b379a882418093ecc8adf11f6166682e8d
- 6c99c519d97e5fcbec7a9537d190efb442e4e833
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:07:58 -0400
Available diffs
libxslt (1.1.26-14ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- debian/patches/CVE-2012-6139.patch: check for empty values in
libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:03:10 -0400
Available diffs
libxslt (1.1.26-8ubuntu1.3) precise-security; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- libxslt/functions.c, libxslt/keys.c: check for empty values
tests/*: add tests
- dc11b6b379a882418093ecc8adf11f6166682e8d
- 6c99c519d97e5fcbec7a9537d190efb442e4e833
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 13:05:27 -0400
Available diffs
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
libxslt (1.1.27-1ubuntu2) raring; urgency=low
* SECURITY UPDATE: denial of service via malformed stylesheet
- debian/patches/CVE-2012-6139.patch: check for empty values in
libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
- CVE-2012-6139
-- Marc Deslauriers <email address hidden> Thu, 28 Mar 2013 12:58:25 -0400
Available diffs
libxslt (1.1.27-1ubuntu1) raring; urgency=low * Fix python multiarch include issues to fix an FTBFS. -- Chris J Arges <email address hidden> Thu, 10 Jan 2013 07:58:53 -0600
Available diffs
| 1 → 50 of 96 results | First • Previous • Next • Last |
