[xml/sgml-pkgs] Bug#945770: Segfaults running XSLT operations

Sébastien Bocahu sebastien.bocahu at afidium.com
Thu Nov 28 11:13:42 GMT 2019


Package: libxslt1.1
Version: 1.1.32-2.2~deb10u1

Running XSLT operations might result in segmentation faults with version 
1.1.32.

We experienced it running some of our apps in a Debian 10, Apache 
mod_php environment which uses Debian's stock packages. Code path is 
rather difficult to analyze & to share, so it might not be possible to 
reproduce.

However, the exact same app with the exact same input was tested on the 
exact same environment except for the libxslt version:

- With 1.1.32-2.2~deb10u1 (Debian's): segfault of the Apache process:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  xmlStrEqual__internal_alias (
     str2=0x6e2f6d6f632e6d75 <error: Cannot access memory at address 0x6e2f6d6f632e6d75>,
     str1=0x558f57552cf1 "ttp://www.w3.org/2001/XMLSchema-instance") at ../../xmlstring.c:162


- With 1.1.33 (built as a Debian package from upstream libxslt sources & 
minor modifications to 1.1.32 Debian packaging sources):

runs fine.


BTW, we don't know if it is related, but we had already identified the 
need to upgrade to 1.1.33 for our apps as we experienced bug #939785 as 
well.


I suggest replacing v1.1.32 with v1.1.33 in Buster.

Thanks,


