Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#53270 - [lib32-libxslt] Backport security fixes including the one for CVE-2017-5029

Attached to Project: Community Packages
Opened by Remi Gacogne (rgacogne) - Sunday, 12 March 2017, 13:01 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Tuesday, 11 April 2017, 09:28 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Hi,

Several security fixes [1][2][3][4][5] have been committed to the libxslt repository since the last release, but a new release doesn't seem to be planned soon. So of them are only DoS material but one [5] at least can lead to arbitrary code execution and has been assigned CVE-2017-5029. The libxslt package has been updated to backport most of those fixes, and it would be nice if the lib32-xslt package could follow the lead.

Thanks!

[1]: https://git.gnome.org/browse/libxslt/commit/?id=7893a4685d76e22fc77c6cecec9b8771359e51bd
[2]: https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
[3]: https://git.gnome.org/browse/libxslt/commit/?id=bf6c947bf6b77d28344829cd489b1f19eeb26536
[4]: https://git.gnome.org/browse/libxslt/commit/?id=8ee72e493542cc61a0d539143195979adefb5890
[5]: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Tuesday, 11 April 2017, 09:28 GMT
Reason for closing:  Fixed

Loading...