[xml/sgml-pkgs] Bug#858546: CVE-2017-5029: Integer overflow in xsltAddTextString
Raphael Hertzog
hertzog at debian.org
Thu Mar 23 10:34:05 UTC 2017
Source: libxslt
Severity: important
Tags: security patch
Hi,
the following vulnerability was published for libxslt. The issue can be
exploited to trigger an out of bounds write on 64-bit systems.
CVE-2017-5029[0]:
Integer overflow in xsltAddTextString
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Upstream has committed a patch here:
https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
Please adjust the affected versions in the BTS as needed.
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
More information about the debian-xml-sgml-pkgs
mailing list