[Git][security-tracker-team/security-tracker][master] Track fixes for two libxslt issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 13 13:06:47 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7a87a0c by Salvatore Bonaccorso at 2025-08-13T14:05:43+02:00
Track fixes for two libxslt issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8622,7 +8622,7 @@ CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flag
NOTE: Mitigated by https://gitlab.gnome.org/GNOME/libxml2/-/commit/9de92ed78d8495527c5d7a4d0cc76c1f83768195
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f1e1f13b766eb580a8dcc0c4e7a447346dfd862e (2.14)
CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field, psvi, ...)
- - libxslt <unfixed> (bug #1109123)
+ - libxslt 1.1.35-2 (bug #1109123)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379228
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
CVE-2025-7413 (A vulnerability classified as critical has been found in code-projects ...)
@@ -190260,7 +190260,7 @@ CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue
CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
- - libxslt <unfixed> (bug #1108074; unimportant)
+ - libxslt 1.1.35-2 (bug #1108074; unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d (v1.1.38)
NOTE: Backports: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94#note_1855467
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a87a0cbc96a5910faaa3577eed5702659e83cb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7a87a0cbc96a5910faaa3577eed5702659e83cb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250813/b6b6dca7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list