[xml/sgml-pkgs] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]

brian m. carlson sandals at crustytoothpaste.ath.cx
Thu Jul 31 20:46:40 UTC 2008

Package: libxslt1.1
Version: 1.1.24-1
Severity: grave
Tags: security

According to DSA 1624-1:

Chris Evans discovered that a buffer overflow in the RC4 functions of
libexslt may lead to the execution of arbitrary code.

-- System Information:
Debian Release: lenny/sid
   APT prefers unstable
   APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxslt1.1 depends on:
ii  libc6                      2.7-13        GNU C Library: Shared libraries
ii  libgcrypt11                1.4.1-1       LGPL Crypto library - runtime libr
ii  libxml2                    2.6.32.dfsg-2 GNOME XML library

libxslt1.1 recommends no packages.

libxslt1.1 suggests no packages.

-- no debconf information

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20080731/0275792f/attachment.pgp 

More information about the debian-xml-sgml-pkgs mailing list