Date: Mon, 25 Mar 2013 17:04:05 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: CVE request: libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities >From the secunia advisory: https://secunia.com/advisories/52805/ 1) An error within the "xsltDocumentFunction()" function (libxslt/functions.c) when parsing XSL templates can be exploited to cause a crash. Commit code: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833 2) A NULL-pointer dereference error within the "xsltAddKey()" function (libxslt/keys.c) when parsing XSL keys can be exploited to cause a crash. Commit code: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d Both issue are fixed in the version 1.1.28 -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ