[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-4608,libxslt: Jessie has been fixed already

Mon Jul 22 13:41:22 BST 2019


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
586fcf1e by Markus Koschany at 2019-07-22T12:38:57Z
CVE-2016-4608,libxslt: Jessie has been fixed already

This issue was fixed in version 1.1.28-2+deb8u1 by applying the

0018-Fix-buffer-overflow-in-exsltDateFormat.patch.

- - - - -
27f071c3 by Markus Koschany at 2019-07-22T12:40:10Z
CVE-2019-13118,CVE-2019-13117,libxslt: remove no-dsa tags for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3436,7 +3436,6 @@ CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characte
 	- libxslt <unfixed> (low; bug #931320)
 	[buster] - libxslt <no-dsa> (Minor issue)
 	[stretch] - libxslt <no-dsa> (Minor issue)
-	[jessie] - libxslt <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
 	NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
@@ -3444,7 +3443,6 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
 	- libxslt <unfixed> (low; bug #931321)
 	[buster] - libxslt <no-dsa> (Minor issue)
 	[stretch] - libxslt <no-dsa> (Minor issue)
-	[jessie] - libxslt <no-dsa> (Minor issue)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
 	NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -160502,6 +160500,7 @@ CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes be
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/8b90c9a699e0eaa98bbeec63a473ddc73aaa238c (v1.1.29-rc1)
 CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
 	- libxslt 1.1.29-1
+	[jessie] - libxslt 1.1.28-2+deb8u1
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7 (v1.1.29-rc1)
 CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before  ...)
 	NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3ebacbfecd38b52462a3a33c93f2427b24a610b...27f071c374cf254fb9ebf7faa0685bdd797bc230

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3ebacbfecd38b52462a3a33c93f2427b24a610b...27f071c374cf254fb9ebf7faa0685bdd797bc230
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190722/4006cdd1/attachment.html>
