[xml/sgml-pkgs] Bug#482664: Bug#482664: CVE-2008-1767: buffer overflow in pattern.c

Mike Hommey mh at glandium.org
Sat May 24 15:36:49 UTC 2008


On Sun, May 25, 2008 at 01:16:26AM +1000, Steffen Joeris wrote:
> Hi Mike
> 
> On Sun, 25 May 2008 01:01:52 am Mike Hommey wrote:
> > On Sat, May 24, 2008 at 08:16:05PM +1000, Steffen Joeris wrote:
> > > Package: libxslt1.1
> > > Version: 1.1.23-1
> > > Severity: grave
> > > Tags: security, patch
> > > Justification: user security hole
> > >
> > > Hi
> > >
> > > The following CVE(0) has been issued against libxslt.
> > >
> > > CVE-2008-1767:
> > >
> > > Buffer overflow in pattern.c in libxslt before 1.1.24 allows
> > > context-dependent attackers to cause a denial of service (crash) and
> > > possibly execute arbitrary code via an XSL style sheet file with a long
> > > XSLT "transformation match" condition that triggers a large number of
> > > steps.
> > >
> > > Upstream patch is attached.
> > >
> > > Please mention the CVE id in your changelog, when you fix this bug.
> >
> > I haven't had time to take a deep look at the issue. Anyways, uploading
> > 1.1.24 in unstable (which was planned) should fix this. Is an update
> > for stable required? Or is the security team already working on it?
> Thanks for your efforts.
> Depending on how stable the new upstream release is, maybe it could be 
> uploaded with a higher urgency. For the testing-security team, it would be 
> great to get that bug fixed in testing.

Actually, the new release is much better than the version currently in
testing, which has broken support for xslt keys.

Mike




