From mkesper at web.de Tue Aug 2 15:11:57 2022
From: mkesper at web.de (Michael Kesper)
Date: Tue, 02 Aug 2022 16:11:57 +0200
Subject: [xml/sgml-pkgs] Bug#1016533: libxslt1.1: CVE-2021-30560 not fixed in stable
Message-ID: <165944951778.153617.5709392492852990694.reportbug@Debian11>

Package: libxslt1.1
Version: 1.1.34-4
Severity: important
X-Debbugs-Cc: mkesper at web.de

Dear Maintainer,

please apply the upstream patch for CVE-2021-30560 to libxslt in Debian stable (bullseye).
This is a non-disputed security issue and chromium was fixed but not libxslt.

https://security-tracker.debian.org/tracker/CVE-2021-30560

Best regards
Michael

-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-16-amd64 (SMP w/6 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libxslt1.1 depends on:
ii  libc6        2.31-13+deb11u3
ii  libgcrypt20  1.8.7-6
ii  libxml2      2.9.10+dfsg-6.7+deb11u2

libxslt1.1 recommends no packages.

libxslt1.1 suggests no packages.

-- no debconf information

From gio at debian.org Sun Aug 21 14:27:28 2022
From: gio at debian.org (Giovanni Mascellani)
Date: Sun, 21 Aug 2022 15:27:28 +0200
Subject: [xml/sgml-pkgs] Boost FTBFS with libxslt 1.1.35
Message-ID: <0d9e0eae-b641-348e-eaa6-a30d52f461aa@debian.org>

Hi,

I am investigating bug 1016321[1], which is triggered by libxslt 1.1.35. I don't know much about XSLT, so in case you have something wise to add there, that would be helpful.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016321

TBH, my current (very vague) understanding is that the bug is upstream, not in libxslt 1.1.35, but maybe you still have a better idea than me about how to solve it.

Thanks, Giovanni.

From ftpmaster at ftp-master.debian.org Wed Aug 24 16:21:33 2022
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Wed, 24 Aug 2022 15:21:33 +0000
Subject: [xml/sgml-pkgs] libxslt_1.1.34-4+deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new
Message-ID:

Mapping stable-security to proposed-updates.

Accepted:

Format: 1.8
Date: Mon, 22 Aug 2022 21:15:10 +0200
Source: libxslt
Architecture: source
Version: 1.1.34-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group
Changed-By: Salvatore Bonaccorso
Changes:
 libxslt (1.1.34-4+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix use-after-free in xsltApplyTemplates (CVE-2021-30560)

Thank you for your contribution to Debian.

From ftpmaster at ftp-master.debian.org Fri Aug 26 19:32:10 2022
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Fri, 26 Aug 2022 18:32:10 +0000
Subject: [xml/sgml-pkgs] libxslt_1.1.34-4+deb11u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Message-ID:

Accepted:

Format: 1.8
Date: Mon, 22 Aug 2022 21:15:10 +0200
Source: libxslt
Architecture: source
Version: 1.1.34-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group
Changed-By: Salvatore Bonaccorso
Changes:
 libxslt (1.1.34-4+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix use-after-free in xsltApplyTemplates (CVE-2021-30560)

Thank you for your contribution to Debian.