Debian Bug report logs -
#802971
libxslt: CVE-2015-7995: Type confusion may cause DoS
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 25 Oct 2015 18:18:02 UTC
Severity: important
Tags: fixed-upstream, jessie, patch, security, sid, stretch, upstream
Found in version libxslt/1.1.26-1
Fixed in versions libxslt/1.1.28-2.1, libxslt/1.1.28-2+deb8u1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#802971; Package src:libxslt.
(Sun, 25 Oct 2015 18:18:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sun, 25 Oct 2015 18:18:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libxslt
Version: 1.1.26-1
Severity: important
Tags: security upstream
Hi
See https://bugzilla.redhat.com/show_bug.cgi?id=1257962 for more
details and a PoC.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#802971; Package src:libxslt.
(Wed, 28 Oct 2015 13:51:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Wed, 28 Oct 2015 13:51:05 GMT) (full text, mbox, link).
Message #10 received at 802971@bugs.debian.org (full text, mbox, reply):
Control: retitle -1 libxslt: CVE-2015-7995: Type confusion may cause DoS
Hi,
CVE-2015-7995 has now been assigned to this issue.
Regards,
Salvatore
Changed Bug title to 'libxslt: CVE-2015-7995: Type confusion may cause DoS' from 'libxslt: Type confusion may cause DoS'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 802971-submit@bugs.debian.org.
(Wed, 28 Oct 2015 13:51:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#802971; Package src:libxslt.
(Fri, 30 Oct 2015 08:06:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Fri, 30 Oct 2015 08:06:07 GMT) (full text, mbox, link).
Message #17 received at 802971@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch fixed-upstream
Hi,
Attached is debdiff to fix that, but haven't uploaded to a delayed
queue so far.
Regards,
Salvatore
[libxslt_1.1.28-2.1.debdiff (text/plain, attachment)]
Added tag(s) patch and fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 802971-submit@bugs.debian.org.
(Fri, 30 Oct 2015 08:06:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#802971; Package src:libxslt.
(Sat, 31 Oct 2015 15:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Sat, 31 Oct 2015 15:33:05 GMT) (full text, mbox, link).
Message #24 received at 802971@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 802971 + pending
Dear maintainer,
I've prepared an NMU for libxslt (versioned as 1.1.28-2.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
[libxslt-1.1.28-2.1-nmu.diff (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 802971-submit@bugs.debian.org.
(Sat, 31 Oct 2015 15:33:05 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 10 Nov 2015 16:45:18 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 10 Nov 2015 16:45:18 GMT) (full text, mbox, link).
Message #31 received at 802971-close@bugs.debian.org (full text, mbox, reply):
Source: libxslt
Source-Version: 1.1.28-2.1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 802971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 30 Oct 2015 08:46:43 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source
Version: 1.1.28-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 802971
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Changes:
libxslt (1.1.28-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
CVE-2015-7995: Type confusion in preprocessing attributes leading to
denial of service. (Closes: #802971)
Checksums-Sha1:
fcf3c635551b83ebcbfc1c716162888cefa39ef4 2369 libxslt_1.1.28-2.1.dsc
663f8f1595884aa0146dff08749496d40b15bd0a 31632 libxslt_1.1.28-2.1.debian.tar.xz
Checksums-Sha256:
55330a77f4c7d573dc75ca3873b01ee15cc8a5cd4f9a49a9da6d3f168cbfdd1c 2369 libxslt_1.1.28-2.1.dsc
3240a87af4947d497901fb507fb71c9ec9c7ac3249e18528b0580ee9bba99378 31632 libxslt_1.1.28-2.1.debian.tar.xz
Files:
85fca89fd8ae341ea43d526617b6e81d 2369 text optional libxslt_1.1.28-2.1.dsc
67ce688212cf393709f444e5bdaeab4f 31632 text optional libxslt_1.1.28-2.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWNN1AAAoJEAVMuPMTQ89ERLcQAJA2P0h6QBF52smk37UA7Oqe
VBFfhziackVXJLuo2VUoQZg4p+8nORZGmLbgvwMF3mNi1AUxpTO9QFpUr4y7ePdz
XGSaiV6FcOCXgcj6z9cJ45Sapwg31zW0BhayGlqZfv/BVEKdO9mmZDloF3qlBvzK
2XOG8gUBZQLs5tj+L2K7u3hkEFOAorPPYsUrxyjfupUng/+ERWeLMpqVXLegEWXy
bcwpD9zlMLuNST3Mn/H7xlP3MqhBoaUfYNohnLhjmYvAdH5s22Ml/wJKgUDYIW7O
CvHn//azSUIP88gnupM4lnMIOnZSj0+ZREp4irbEhOUVdPZ4iAHeiRAlKBgbw3vq
sk6YGP/Y1AfHKYHpnwwOexWVrfTja4hX24dOirKAWHErE4KLtVxh0Sl8T+rFoNGp
Tj+LOA0Jrhh7u+n7pU4PGiB0x3sa9WZANgDHOmBHwnEnVoq6+BMFjpb255S40Tdw
APvsqmMiRXbszlL38J6MnQWLGHeJFV6mOo69PgB9F9HAffosrJoenmg/Zbk0DeGE
ooOLo6MnNQdLBqAbP7xmAgZ8nD2IZsvrwVLfuDL6wNcYQhqGTGXBjFNMhN6nbpod
ZLCM+VZg3sVVccAs/lWKm2ObBe9W9mc+vKZXb2r3Chsv/tBEIMqPuFAiDq8dFMGD
j9lj/+Jh0q8Lp3PhIZO/
=HXaZ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 11 Dec 2015 07:30:14 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 18 Jun 2016 13:39:11 GMT) (full text, mbox, link).
Added tag(s) sid, stretch, and jessie.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 18 Jun 2016 13:39:14 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 28 Jun 2016 05:21:11 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 28 Jun 2016 05:21:11 GMT) (full text, mbox, link).
Message #42 received at 802971-close@bugs.debian.org (full text, mbox, reply):
Source: libxslt
Source-Version: 1.1.28-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 802971@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Jun 2016 19:27:31 +0200
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source
Version: 1.1.28-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 802971
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Changes:
libxslt (1.1.28-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix for type confusion in preprocessing attributes (CVE-2015-7995)
(Closes: #802971)
* Always initialize EXSLT month and day to 1
* Fix use-after-free in xsltDocumentFunctionLoadDocument
* Fix xsltNumberFormatGetMultipleLevel (CVE-2016-1683)
* Round xsl:number values to nearest integer
* Handle negative xsl:number values
* Lower bound for format token "a"
* Lower and upper bound for format token "i" (CVE-2016-1684)
* Fix double free in libexslt hash functions
* Fix buffer overflow in exsltDateFormat
* Fix OOB heap read in xsltExtModuleRegisterDynamic
Checksums-Sha1:
3d1739f99b19b9b50d0f47cf929a33cc18e08e4e 2389 libxslt_1.1.28-2+deb8u1.dsc
4df177de629b2653db322bfb891afa3c0d1fa221 3435907 libxslt_1.1.28.orig.tar.gz
b0a2c6b9b6e9873609a18205fbdc970252ef5f1d 37208 libxslt_1.1.28-2+deb8u1.debian.tar.xz
Checksums-Sha256:
d084d58d3f25cea908acf99a26bf79a6aa4d03ebd94ec3cccb3d427175ed0c80 2389 libxslt_1.1.28-2+deb8u1.dsc
5fc7151a57b89c03d7b825df5a0fae0a8d5f05674c0e7cf2937ecec4d54a028c 3435907 libxslt_1.1.28.orig.tar.gz
11a8ec5df714a2ac1a55776b1baede5d0612a29b7c5ab6cbbda22d1d49801655 37208 libxslt_1.1.28-2+deb8u1.debian.tar.xz
Files:
99de136e9b5c09c32a01a92acee05b44 2389 text optional libxslt_1.1.28-2+deb8u1.dsc
9667bf6f9310b957254fdcf6596600b7 3435907 text optional libxslt_1.1.28.orig.tar.gz
88f9b562443b447fa3f386f5348917fc 37208 text optional libxslt_1.1.28-2+deb8u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXZYYxAAoJEAVMuPMTQ89E8ogP+wfZu0WOpdzKN+FRbxfaYNcB
wHmo2PliIm0ctbr1aL6pgS3Ei20II7gwGOeA7OzWiJllRZb5KtDP4QuGzaV/L95v
W6P4R7KFrUw5m9Z60b6VL8USQLNe0CTfgbJu9ZJHJBWaEiGfJoiaai4bg4jwF1VB
bGJdXydNpyzyC6L6TahyNgXI5plOMBy9Lai/dBqva78lrN236e+IWEi+tHRSwuCu
6JvCdxY/llvVg+bcGErmBk4h6xN/jyd4CxTh7M4SuYhj+yvNxNbc98dEUOey5fuU
Gfy1NeYYQfggV6tILVUzY9476PZOOS6dcg9622XVshp/ZquYX3MrtUQHHdMJzEv+
srwS1PPsTGh+xcnDodsrPEJkmvCIf6Ks5y+vgJ/wVtNA8XfrpYmXmcnSX5mlM09m
VCcWPPhXsDHzixaL/iGG31O1W6KjHYnQcQDc2afrML5DdS8aIJC+iPSHA+sHtSo6
dS8k9cI/l/fJQ7Tw7H5CLZhd9jq89x9EkHp6JbQ0yXsjdHBMNNSo7wqlQSLIHKLq
4lRO1YdVtQIOi5A51gcApPn7jiElVDjk1MHtW7jvnuBYvh/m1rrHAd4R9ieAzSuZ
Sgw8rPFRCoJvS347l+5pmI08Tj1JdTS4y5ouu0/fQxXVNxZhFBuK4t7xBgIGzvV4
Qk3sN4gKjqO+SPmHHKlg
=au3v
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 20 Sep 2016 07:31:34 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:34:59 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon