Package: libxslt / 1.1.29-2.1+deb9u2

Metadata

Package Version Patches format
libxslt 1.1.29-2.1+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0001 patch xslt config to add private libraries.patch | (download)

libexslt.pc.in | 1 1 + 0 - 0 !
libxslt.pc.in | 1 1 + 0 - 0 !
xslt-config.in | 14 12 + 2 - 0 !
3 files changed, 14 insertions(+), 2 deletions(-)

 patch xslt-config to add private libraries


0002 fix autoconf automake.patch | (download)

configure.in | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 fix autoconf automake


0003 fix typo.patch | (download)

doc/APIchunk6.html | 2 1 + 1 - 0 !
doc/APIchunk8.html | 2 1 + 1 - 0 !
doc/EXSLT/bugs.html | 8 4 + 4 - 0 !
doc/EXSLT/exslt.html | 8 4 + 4 - 0 !
doc/apibuild.py | 2 1 + 1 - 0 !
doc/html/libxslt-extra.html | 2 1 + 1 - 0 !
doc/html/libxslt-imports.html | 2 1 + 1 - 0 !
doc/html/libxslt-xsltInternals.html | 6 3 + 3 - 0 !
doc/html/libxslt-xsltutils.html | 6 3 + 3 - 0 !
doc/libxslt-api.xml | 20 10 + 10 - 0 !
doc/libxslt-refs.xml | 4 2 + 2 - 0 !
libexslt/exsltconfig.h.in | 2 1 + 1 - 0 !
libxslt/extensions.c | 2 1 + 1 - 0 !
libxslt/extra.c | 2 1 + 1 - 0 !
libxslt/imports.c | 2 1 + 1 - 0 !
libxslt/numbers.c | 4 2 + 2 - 0 !
libxslt/xsltInternals.h | 6 3 + 3 - 0 !
libxslt/xsltconfig.h.in | 4 2 + 2 - 0 !
libxslt/xsltutils.c | 14 7 + 7 - 0 !
libxslt/xsltwin32config.h.in | 4 2 + 2 - 0 !
python/tests/pyxsltproc.py | 4 2 + 2 - 0 !
tests/docbook/result/fo/gdp-handbook.fo | 2 1 + 1 - 0 !
tests/docbook/result/html/gdp-handbook.html | 2 1 + 1 - 0 !
tests/docbook/result/xhtml/gdp-handbook.xhtml | 2 1 + 1 - 0 !
tests/docbook/test/gdp-handbook.xml | 2 1 + 1 - 0 !
tests/plugins/testplugin.c | 2 1 + 1 - 0 !
xsltproc/xsltproc.c | 2 1 + 1 - 0 !
27 files changed, 59 insertions(+), 59 deletions(-)

 fix typo


0004 Make generate id deterministic.patch | (download)

libxslt/functions.c | 91 90 + 1 - 0 !
libxslt/functions.h | 7 7 + 0 - 0 !
libxslt/transform.c | 8 8 + 0 - 0 !
libxslt/xsltInternals.h | 2 2 + 0 - 0 !
4 files changed, 107 insertions(+), 1 deletion(-)

 make generate-id() provide stable ids
0005 Link with libm.patch | (download)

libxslt/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 link libxslt with libm
Bug-Debian: https://bugs.debian.org/801989
0006 remove plugin in xslt config.patch | (download)

xslt-config.in | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

---
0007 Fix heap overread in xsltFormatNumberConversion.patch | (download)

libxslt/numbers.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix heap overread in xsltformatnumberconversion
 An empty decimal-separator could cause a heap overread. This can be
 exploited to leak a couple of bytes after the buffer that holds the
 pattern string.
 .
 Found with afl-fuzz and ASan.
 .
 This is CVE-2016-4738
0008 Check for integer overflow in xsltAddTextString.patch | (download)

libxslt/transform.c | 25 22 + 3 - 0 !
libxslt/xsltInternals.h | 4 2 + 2 - 0 !
2 files changed, 24 insertions(+), 5 deletions(-)

 [patch] check for integer overflow in xsltaddtextstring

Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
exploited to trigger an out of bounds write on 64-bit systems.

Originally reported to Chromium:

https://crbug.com/676623

0009 Fix security framework bypass.patch | (download)

libxslt/documents.c | 18 10 + 8 - 0 !
libxslt/imports.c | 9 5 + 4 - 0 !
libxslt/transform.c | 9 5 + 4 - 0 !
libxslt/xslt.c | 9 5 + 4 - 0 !
4 files changed, 25 insertions(+), 20 deletions(-)

 fix security framework bypass
0010 Fix uninitialized read of xsl number token.patch | (download)

libxslt/numbers.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 fix uninitialized read of xsl:number token
0011 Fix uninitialized read with UTF 8 grouping chars.patch | (download)

libxslt/numbers.c | 5 3 + 2 - 0 !
tests/docs/bug-222.xml | 1 1 + 0 - 0 !
tests/general/bug-222.out | 2 2 + 0 - 0 !
tests/general/bug-222.xsl | 6 6 + 0 - 0 !
4 files changed, 12 insertions(+), 2 deletions(-)

 fix uninitialized read with utf-8 grouping chars
0012 Fix dangling pointer in xsltCopyText.patch | (download)

libxslt/transform.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 fix dangling pointer in xsltcopytext