Ubuntu
libxslt package

Change logs for libxslt source package in Lucid

  1. Lucid (10.04)
  2. Change log 
  • libxslt (1.1.26-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139
 -- Marc Deslauriers <email address hidden>   Thu, 28 Mar 2013 13:09:03 -0400
  • libxslt (1.1.26-1ubuntu1.1) lucid-security; urgency=low

  * SECURITY UPDATE: information disclosure via generate-id XPath function
    - libxslt/functions.c: do not expose object addresses directly.
    - ecb6bcb8d1b7e44842edde3929f412d46b40c89f
    - CVE-2011-1202
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893
 -- Marc Deslauriers <email address hidden>   Fri, 28 Sep 2012 15:28:47 -0400
  • libxslt (1.1.26-1ubuntu1) lucid; urgency=low

  * Merge with Debian; remaining changes:
    Build a python-libxslt1-dbg package.

libxslt (1.1.26-1) unstable; urgency=low

  * New upstream release.
    + Allow both --xinclude and --output options at the same time in xsltproc.
      Closes: #497585.
 -- Matthias Klose <email address hidden>   Tue, 19 Jan 2010 13:15:06 +0100
  • libxslt (1.1.24-2ubuntu2) jaunty; urgency=low

  * Build for python2.6.

 -- Matthias Klose <email address hidden>   Sun, 22 Feb 2009 12:31:19 +0100