[xml/sgml-pkgs] Bug#926895: libxslt: CVE-2019-11068
Moritz Mühlenhoff
jmm at inutil.org
Sun Apr 21 21:02:56 BST 2019
On Thu, Apr 11, 2019 at 10:46:05PM +0200, Salvatore Bonaccorso wrote:
> Source: libxslt
> Version: 1.1.32-2
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.gnome.org/GNOME/libxslt/issues/12
>
> Hi,
>
> The following vulnerability was published for libxslt.
>
> CVE-2019-11068[0]:
> | libxslt through 1.1.33 allows bypass of a protection mechanism because
> | callers of xsltCheckRead and xsltCheckWrite permit access even upon
> | receiving a -1 error code. xsltCheckRead can return -1 for a crafted
> | URL that is not actually invalid and is subsequently loaded.

I submitted an MR at salsa.

Cheers,
Moritz