FS#53257 - [libxslt] backport security fix for CVE-2017-5029, an integer overflow in xsltAddTextString
Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Saturday, 11 March 2017, 15:06 GMT
Last edited by Jan de Groot (JGC) - Saturday, 11 March 2017, 22:06 GMT
Details
Hi,
A security issue has recently been reported [1][2] in libxslt, an integer overflow triggering an out of bounds write likely leading to remote code execution. A fix for the issue has been committed to git [3] but a new version doesn't seem to be planned soon, so it would be nice if we could backport the fix in the meantime.
Thanks!
[1]: https://bugs.chromium.org/p/chromium/issues/detail?id=676623
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5029
[3]: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
Closed by Jan de Groot (JGC)
Saturday, 11 March 2017, 22:06 GMT
Reason for closing: Fixed
Additional comments about closing: bumped to latest git snapshot.