Date: Tue, 27 Oct 2015 13:48:38 +0100
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: libxslt xsltStylePreCompute() type confusion DoS

Hi,

A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1257962

Proposed patch (afaik, not yet committed upstream, but I believe that
it'll happen soon):
https://bugzilla.redhat.com/attachment.cgi?id=1086465

Thanks and kind regards,
-- 
Stefan Cornelius / Red Hat Product Security
