FS#53257 : [libxslt] backport security fix for CVE-2017-5029, an integer overflow in xsltAddTextString

FS#53257 - [libxslt] backport security fix for CVE-2017-5029, an integer overflow in xsltAddTextString

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Saturday, 11 March 2017, 15:06 GMT
Last edited by Jan de Groot (JGC) - Saturday, 11 March 2017, 22:06 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Jan de Groot (JGC) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Hi,

A security issue has recently been reported [1][2] in libxslt, an integer overflow triggering an out of bounds write likely leading to remote code execution. A fix for the issue has been committed to git [3] but a new version doesn't seem to be planned soon, so it would be nice if we could backport the fix in the meantime.

Thanks!

[1]: https://bugs.chromium.org/p/chromium/issues/detail?id=676623
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5029
[3]: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

This task depends upon

Closed by Jan de Groot (JGC)
Saturday, 11 March 2017, 22:06 GMT
Reason for closing: Fixed
Additional comments about closing: bumped to latest git snapshot.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#53257 - [libxslt] backport security fix for CVE-2017-5029, an integer overflow in xsltAddTextString

Details

Loading...