Author: Ubuntu Git Importer
Author Date: 2019-09-07 17:57:38 UTC

DSC file for 1.1.29-2.1+deb9u1

Author: Salvatore Bonaccorso
Author Date: 2019-08-24 12:04:13 UTC

Import patches-applied version 1.1.29-2.1+deb9u1 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 0c0b71536c8d2063f7b927485efc84af8a8a1fb3
Unapplied parent: 7e7605f378a422f95087c0ed4260ca68ab4e3810

New changelog entries:
  * Non-maintainer upload.
  * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
  * Fix uninitialized read of xsl:number token (CVE-2019-13117)
    (Closes: #931321, #933743)
  * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
    (Closes: #931320, #933743)

Author: Salvatore Bonaccorso
Author Date: 2019-08-24 12:04:13 UTC

Import patches-unapplied version 1.1.29-2.1+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 2136629d525e5c36d77a8d6934c552d674f941d4

New changelog entries:
  * Non-maintainer upload.
  * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
  * Fix uninitialized read of xsl:number token (CVE-2019-13117)
    (Closes: #931321, #933743)
  * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
    (Closes: #931320, #933743)

Author: Salvatore Bonaccorso
Author Date: 2019-08-09 19:49:31 UTC

Import patches-unapplied version 1.1.32-2.1~deb10u1 to debian/buster

Imported using git-ubuntu import.

Changelog parent: c210edde75f321b55c43421344fdb76d459da575

New changelog entries:
  * Rebuild for buster

Author: Salvatore Bonaccorso
Author Date: 2019-08-09 19:49:31 UTC

Import patches-applied version 1.1.32-2.1~deb10u1 to applied/debian/buster

Imported using git-ubuntu import.

Changelog parent: 4e915865f3e738f303fe351ce1437ed517932b4f
Unapplied parent: c0b8958429fb83c996e28bd174cfdeb197dad3d0

New changelog entries:
  * Rebuild for buster

Author: Ubuntu Git Importer
Author Date: 2019-08-28 14:13:29 UTC

DSC file for 1.1.33-0ubuntu1

Author: Sebastien Bacher
Author Date: 2019-08-27 15:01:01 UTC

Import patches-unapplied version 1.1.33-0ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: c210edde75f321b55c43421344fdb76d459da575

New changelog entries:
  * New upstream version
  * debian/patches/0003-fix-typo.patch:
    - removed, fixed in the new version

Author: Sebastien Bacher
Author Date: 2019-08-27 15:01:01 UTC

Import patches-unapplied version 1.1.33-0ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: c210edde75f321b55c43421344fdb76d459da575

New changelog entries:
  * New upstream version
  * debian/patches/0003-fix-typo.patch:
    - removed, fixed in the new version

Author: Sebastien Bacher
Author Date: 2019-08-27 15:01:01 UTC

Import patches-unapplied version 1.1.33-0ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: c210edde75f321b55c43421344fdb76d459da575

New changelog entries:
  * New upstream version
  * debian/patches/0003-fix-typo.patch:
    - removed, fixed in the new version

Author: Sebastien Bacher
Author Date: 2019-08-27 15:01:01 UTC

Import patches-unapplied version 1.1.33-0ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: c210edde75f321b55c43421344fdb76d459da575

New changelog entries:
  * New upstream version
  * debian/patches/0003-fix-typo.patch:
    - removed, fixed in the new version

Author: Salvatore Bonaccorso
Author Date: 2019-08-04 06:14:05 UTC

Import patches-unapplied version 1.1.32-2.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * Non-maintainer upload.
  * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
  * Fix uninitialized read of xsl:number token (CVE-2019-13117)
    (Closes: #931321, #933743)
  * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
    (Closes: #931320, #933743)

Author: Salvatore Bonaccorso
Author Date: 2019-08-04 06:14:05 UTC

Import patches-applied version 1.1.32-2.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c21b98ba954c1d90cb7b4cbecb41d9a0357c7137
Unapplied parent: 154d7defb4a5c27bc8ef683caf83e5d8121aa9f8

New changelog entries:
  * Non-maintainer upload.
  * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
  * Fix uninitialized read of xsl:number token (CVE-2019-13117)
    (Closes: #931321, #933743)
  * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
    (Closes: #931320, #933743)

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:03:06 UTC

Import patches-unapplied version 1.1.28-2.1ubuntu0.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 08eae9351d283394ef2cb94211f73165dde4a685

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:56:36 UTC

Import patches-unapplied version 1.1.29-5ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 571237ee76845cb20ff8926bf65ceb5a9383c33e

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:56:36 UTC

Import patches-unapplied version 1.1.29-5ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 571237ee76845cb20ff8926bf65ceb5a9383c33e

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:56:36 UTC

Import patches-unapplied version 1.1.29-5ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 571237ee76845cb20ff8926bf65ceb5a9383c33e

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:10:20 UTC

Import patches-unapplied version 1.1.28-2ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a88da1aa75a3bef09e16521cf00561803344dc63

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:10:20 UTC

Import patches-unapplied version 1.1.28-2ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a88da1aa75a3bef09e16521cf00561803344dc63

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:10:20 UTC

Import patches-unapplied version 1.1.28-2ubuntu0.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a88da1aa75a3bef09e16521cf00561803344dc63

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:03:06 UTC

Import patches-unapplied version 1.1.28-2.1ubuntu0.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 08eae9351d283394ef2cb94211f73165dde4a685

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 17:03:06 UTC

Import patches-unapplied version 1.1.28-2.1ubuntu0.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 08eae9351d283394ef2cb94211f73165dde4a685

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Leonidas S. Barbosa
Author Date: 2019-04-12 16:44:12 UTC

Import patches-unapplied version 1.1.32-2ubuntu0.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: fd08b9edec2be8de787675e5cfb101d180910d81

New changelog entries:
  * SECURITY UPDATE: Bypass of protection mechanism
    - debian/patches/CVE-2019-11068.patch: Fix security
      framework bypass checking for returns equal or less
      -1 in libxslt/documents.c, libxslt/imports.c,
      libxslt/transform.c,libxslt/xslt.c.
    - CVE-2019-11068

Author: Mattia Rizzolo
Author Date: 2018-05-26 21:12:37 UTC

Import patches-unapplied version 1.1.32-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 696c8860e0f0836bbe78bebe55b9b804d3e093c2

New changelog entries:
  * Team upload.
  * Add missing Build-Depends on pkg-config.

Author: Mattia Rizzolo
Author Date: 2018-05-26 21:12:37 UTC

Import patches-unapplied version 1.1.32-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 696c8860e0f0836bbe78bebe55b9b804d3e093c2

New changelog entries:
  * Team upload.
  * Add missing Build-Depends on pkg-config.

Author: Ubuntu Git Importer
Author Date: 2018-03-22 21:24:27 UTC

pristine-tar data for libxslt_1.1.29.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-22 20:47:58 UTC

pristine-tar data for libxslt_1.1.29.orig.tar.gz

Author: Mattia Rizzolo
Author Date: 2017-11-15 15:27:00 UTC

Import patches-unapplied version 1.1.29-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de3a552022453250989bc320b9cea76ca1b92819

New changelog entries:
  * Team upload.
  * Refresh patches using Gbp Pq.
  * Add patch from upstream to fix FTBFS in ia64. Closes: #881818
  * Declare that libxslt can be built without root, R³:no.

Author: Mattia Rizzolo
Author Date: 2017-11-15 15:27:00 UTC

Import patches-unapplied version 1.1.29-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: de3a552022453250989bc320b9cea76ca1b92819

New changelog entries:
  * Team upload.
  * Refresh patches using Gbp Pq.
  * Add patch from upstream to fix FTBFS in ia64. Closes: #881818
  * Declare that libxslt can be built without root, R³:no.

Author: Mattia Rizzolo
Author Date: 2017-10-28 13:04:16 UTC

Import patches-applied version 1.1.29-3 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 67a0347ced58938ddb77de0a18c7fa8e4b128a35
Unapplied parent: 5d45c096fdc6f7f7f8d90979dd1333e8526de338

New changelog entries:
  * Team upload.
  * d/upstream/signing-key.asc: add Daniel Veillard's gpg key to allow
    cryptographic verification of the upstream tarballs.
  * d/patches/0003-fix-typo.patch: forward to upstream.
  * d/control: Bump Standards-Version to 4.1.1:
    + Move packages from the deprecated section:extra to section:optional.
  * d/rules:
    + Use /usr/share/dpkg/architecture.mk instead of calling dpkg-architecture.
    + Let dh_auto_configure deal with buildflags from the environment, and
      use dpkg-buildflags to set -Wl,--as-needed.
    + Move xsltconfig.h to a multi-arch location. Closes: #834714
      Thanks to Hugh McMaster <hugh.mcmaster@outlook.com> for the initial patch.

Author: Mattia Rizzolo
Author Date: 2017-10-28 13:04:16 UTC

Import patches-unapplied version 1.1.29-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 4bd31b1e82928d6a2e92783f69c5d7ca9881a4ba

New changelog entries:
  * Team upload.
  * d/upstream/signing-key.asc: add Daniel Veillard's gpg key to allow
    cryptographic verification of the upstream tarballs.
  * d/patches/0003-fix-typo.patch: forward to upstream.
  * d/control: Bump Standards-Version to 4.1.1:
    + Move packages from the deprecated section:extra to section:optional.
  * d/rules:
    + Use /usr/share/dpkg/architecture.mk instead of calling dpkg-architecture.
    + Let dh_auto_configure deal with buildflags from the environment, and
      use dpkg-buildflags to set -Wl,--as-needed.
    + Move xsltconfig.h to a multi-arch location. Closes: #834714
      Thanks to Hugh McMaster <hugh.mcmaster@outlook.com> for the initial patch.

Author: Dimitri John Ledkov
Author Date: 2017-09-07 10:43:06 UTC

Import patches-unapplied version 1.1.29-2.1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 2136629d525e5c36d77a8d6934c552d674f941d4

New changelog entries:
  * Add rename build-dependency.
  * Stop unconditionally including xlocale.h header in xsltlocale.h as it
    is no longer shipped by glibc2.26. Ideally existing autoconf checks
    should be used to generate xsltlocale.h with or without xlocale.h
    include. LP: #1715599

Author: Dimitri John Ledkov
Author Date: 2017-09-07 10:43:06 UTC

Import patches-unapplied version 1.1.29-2.1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 2136629d525e5c36d77a8d6934c552d674f941d4

New changelog entries:
  * Add rename build-dependency.
  * Stop unconditionally including xlocale.h header in xsltlocale.h as it
    is no longer shipped by glibc2.26. Ideally existing autoconf checks
    should be used to generate xsltlocale.h with or without xlocale.h
    include. LP: #1715599

Author: Dimitri John Ledkov
Author Date: 2017-09-07 10:43:06 UTC

Import patches-unapplied version 1.1.29-2.1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 2136629d525e5c36d77a8d6934c552d674f941d4

New changelog entries:
  * Add rename build-dependency.
  * Stop unconditionally including xlocale.h header in xsltlocale.h as it
    is no longer shipped by glibc2.26. Ideally existing autoconf checks
    should be used to generate xsltlocale.h with or without xlocale.h
    include. LP: #1715599

Author: Salvatore Bonaccorso
Author Date: 2017-04-14 06:28:09 UTC

Import patches-applied version 1.1.28-2+deb8u3 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: d51b2b6e3fd4ac2df48662bf57eafccbbe86bc4b
Unapplied parent: ff303c959979a32c39d48f2b49bf8db18138003f

New changelog entries:
  * Non-maintainer upload.
  * Check for integer overflow in xsltAddTextString (CVE-2017-5029)
    (Closes: #858546)

Author: Salvatore Bonaccorso
Author Date: 2017-04-14 06:28:09 UTC

Import patches-unapplied version 1.1.28-2+deb8u3 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d0e0a0a423c1c3fdc276861ead95624e297d387e

New changelog entries:
  * Non-maintainer upload.
  * Check for integer overflow in xsltAddTextString (CVE-2017-5029)
    (Closes: #858546)

Author: Steve Beattie
Author Date: 2017-04-27 17:58:44 UTC

Import patches-unapplied version 1.1.26-8ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4890a44cd3e92893e73cc647a35819cb4d9c53c1

New changelog entries:
  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

Author: Steve Beattie
Author Date: 2017-04-27 17:58:44 UTC

Import patches-unapplied version 1.1.26-8ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4890a44cd3e92893e73cc647a35819cb4d9c53c1

New changelog entries:
  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

Author: Steve Beattie
Author Date: 2017-04-26 05:57:22 UTC

Import patches-unapplied version 1.1.29-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 5e3b868661d16924d4ac787ef1a3231a732898b9

New changelog entries:
  * SECURITY UPDATE: heap information leak
    - debian/patches/0007-CVE-2017-4738.patch: check for empty
      decimal separator.
    - CVE-2017-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Steve Beattie
Author Date: 2017-04-25 22:30:38 UTC

Import patches-unapplied version 1.1.29-2ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 143f805eef6659cecf9dfa2d223c49e7b13a36eb

New changelog entries:
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Steve Beattie
Author Date: 2017-04-27 17:58:44 UTC

Import patches-unapplied version 1.1.26-8ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4890a44cd3e92893e73cc647a35819cb4d9c53c1

New changelog entries:
  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test csses
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds head read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

Author: Steve Beattie
Author Date: 2017-04-25 22:30:38 UTC

Import patches-unapplied version 1.1.29-2ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 143f805eef6659cecf9dfa2d223c49e7b13a36eb

New changelog entries:
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Steve Beattie
Author Date: 2017-04-25 22:30:38 UTC

Import patches-unapplied version 1.1.29-2ubuntu0.1 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 143f805eef6659cecf9dfa2d223c49e7b13a36eb

New changelog entries:
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Steve Beattie
Author Date: 2017-04-26 05:57:22 UTC

Import patches-unapplied version 1.1.29-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 5e3b868661d16924d4ac787ef1a3231a732898b9

New changelog entries:
  * SECURITY UPDATE: heap information leak
    - debian/patches/0007-CVE-2017-4738.patch: check for empty
      decimal separator.
    - CVE-2017-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Steve Beattie
Author Date: 2017-04-26 05:57:22 UTC

Import patches-unapplied version 1.1.29-1ubuntu0.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 5e3b868661d16924d4ac787ef1a3231a732898b9

New changelog entries:
  * SECURITY UPDATE: heap information leak
    - debian/patches/0007-CVE-2017-4738.patch: check for empty
      decimal separator.
    - CVE-2017-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - debian/patches/0008-CVE-2017-5029.patch: limit buffer size in
      xsltAddTextString to INT_MAX.
    - CVE-2017-5029

Author: Mattia Rizzolo
Author Date: 2016-10-30 14:01:00 UTC

Import patches-unapplied version 1.1.29-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e3b868661d16924d4ac787ef1a3231a732898b9

New changelog entries:
  * Team upload.
  * Bump debhelper compat level to 10.
    + --parallel is now default
    + --with autoreconf is now default
  * Add patch from upstream to fix a heap overread which could cause remote
    arbitrary code execution or denial of service.
    Closes: #842570 — CVE-2016-4738

Author: Mattia Rizzolo
Author Date: 2016-10-30 14:01:00 UTC

Import patches-unapplied version 1.1.29-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e3b868661d16924d4ac787ef1a3231a732898b9

New changelog entries:
  * Team upload.
  * Bump debhelper compat level to 10.
    + --parallel is now default
    + --with autoreconf is now default
  * Add patch from upstream to fix a heap overread which could cause remote
    arbitrary code execution or denial of service.
    Closes: #842570 — CVE-2016-4738

Author: YunQiang Su
Author Date: 2016-08-17 07:30:11 UTC

Import patches-unapplied version 1.1.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 17470764774f47068657111b7d2997d8bdcdbe2e

New changelog entries:
  * Imported Upstream version 1.1.29 (Closes: #826446)
  * Remove patches which have been merged upstream
  * Remove plugin option in xslt-config as it has arch-dep string
  * Link libxslt with libm (Closes: #801989, #721602)
  * Add --parallel in debian/rules.

Author: YunQiang Su
Author Date: 2016-08-17 07:30:11 UTC

Import patches-unapplied version 1.1.29-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 17470764774f47068657111b7d2997d8bdcdbe2e

New changelog entries:
  * Imported Upstream version 1.1.29 (Closes: #826446)
  * Remove patches which have been merged upstream
  * Remove plugin option in xslt-config as it has arch-dep string
  * Link libxslt with libm (Closes: #801989, #721602)
  * Add --parallel in debian/rules.

Author: Salvatore Bonaccorso
Author Date: 2015-10-30 07:46:43 UTC

Import patches-unapplied version 1.1.28-2.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Non-maintainer upload.
  * Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
    CVE-2015-7995: Type confusion in preprocessing attributes leading to
    denial of service. (Closes: #802971)

Author: Salvatore Bonaccorso
Author Date: 2015-10-30 07:46:43 UTC

Import patches-unapplied version 1.1.28-2.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Non-maintainer upload.
  * Add 0009-Fix-for-type-confusion-in-preprocessing-attributes.patch patch.
    CVE-2015-7995: Type confusion in preprocessing attributes leading to
    denial of service. (Closes: #802971)

Author: Adam Conrad
Author Date: 2015-03-27 12:17:04 UTC

Import patches-unapplied version 1.1.28-2build2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: c554e1933c1e681dcca762ba8e9bbce9509e4b9e

New changelog entries:
  * No-change rebuild for the libgcrypt20 transition.

Author: Adam Conrad
Author Date: 2015-03-27 12:17:04 UTC

Import patches-unapplied version 1.1.28-2build2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: c554e1933c1e681dcca762ba8e9bbce9509e4b9e

New changelog entries:
  * No-change rebuild for the libgcrypt20 transition.

Author: Adam Conrad
Author Date: 2015-03-27 12:17:04 UTC

Import patches-unapplied version 1.1.28-2build2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: c554e1933c1e681dcca762ba8e9bbce9509e4b9e

New changelog entries:
  * No-change rebuild for the libgcrypt20 transition.

Author: Adam Conrad
Author Date: 2015-03-27 12:17:04 UTC

Import patches-unapplied version 1.1.28-2build2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: c554e1933c1e681dcca762ba8e9bbce9509e4b9e

New changelog entries:
  * No-change rebuild for the libgcrypt20 transition.

Author: Adam Conrad
Author Date: 2015-03-27 12:17:04 UTC

Import patches-unapplied version 1.1.28-2build2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: c554e1933c1e681dcca762ba8e9bbce9509e4b9e

New changelog entries:
  * No-change rebuild for the libgcrypt20 transition.

Author: Matthias Klose
Author Date: 2014-02-23 13:48:33 UTC

Import patches-unapplied version 1.1.28-2build1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Rebuild to drop files installed into /usr/share/pyshared.

Author: Matthias Klose
Author Date: 2014-02-23 13:48:33 UTC

Import patches-unapplied version 1.1.28-2build1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Rebuild to drop files installed into /usr/share/pyshared.

Author: Matthias Klose
Author Date: 2014-02-23 13:48:33 UTC

Import patches-unapplied version 1.1.28-2build1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Rebuild to drop files installed into /usr/share/pyshared.

Author: Matthias Klose
Author Date: 2014-02-23 13:48:33 UTC

Import patches-unapplied version 1.1.28-2build1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 9631bcf9cb0f26ccbd17aa4e8188b83f612c1d9b

New changelog entries:
  * Rebuild to drop files installed into /usr/share/pyshared.

Author: Salvatore Bonaccorso
Author Date: 2013-03-26 20:48:42 UTC

Import patches-applied version 1.1.26-6+squeeze3 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 6efffb208314361b0e071117dbacf77e017e3ea8
Unapplied parent: 0f1fdc2522561389a9f3309f9771fc7ad5bc75d0

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patches to fix denial of service vulnerability (CVE-2012-6139)
    (Closes: #703933)

Author: Salvatore Bonaccorso
Author Date: 2013-03-26 20:48:42 UTC

Import patches-unapplied version 1.1.26-6+squeeze3 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 5f0176c10735b700b79194876e36218f1bc1b345

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Add patches to fix denial of service vulnerability (CVE-2012-6139)
    (Closes: #703933)

Author: Aron Xu
Author Date: 2013-08-01 05:55:48 UTC

Import patches-unapplied version 1.1.28-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2b3580e68d86406cb48a1c43f8647b1fc051e8b

New changelog entries:
  * debian/patches/000[4-8].patch:
    Upstream post release patches.

Author: Aron Xu
Author Date: 2013-08-01 05:55:48 UTC

Import patches-unapplied version 1.1.28-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2b3580e68d86406cb48a1c43f8647b1fc051e8b

New changelog entries:
  * debian/patches/000[4-8].patch:
    Upstream post release patches.

Author: Aron Xu
Author Date: 2013-08-01 05:55:48 UTC

Import patches-unapplied version 1.1.28-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2b3580e68d86406cb48a1c43f8647b1fc051e8b

New changelog entries:
  * debian/patches/000[4-8].patch:
    Upstream post release patches.

Author: Marc Deslauriers
Author Date: 2013-03-28 17:11:19 UTC

Import patches-unapplied version 1.1.22-1ubuntu1.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: e40afb96b4d9352d242a5b1bdd231a6072a0fe15

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:11:19 UTC

Import patches-unapplied version 1.1.22-1ubuntu1.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: e40afb96b4d9352d242a5b1bdd231a6072a0fe15

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:11:19 UTC

Import patches-unapplied version 1.1.22-1ubuntu1.4 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: e40afb96b4d9352d242a5b1bdd231a6072a0fe15

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:09:03 UTC

Import patches-unapplied version 1.1.26-1ubuntu1.2 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36a47951304f45d24f8c59c6004fb44a4d9827b9

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:09:03 UTC

Import patches-unapplied version 1.1.26-1ubuntu1.2 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36a47951304f45d24f8c59c6004fb44a4d9827b9

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:09:03 UTC

Import patches-unapplied version 1.1.26-1ubuntu1.2 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 36a47951304f45d24f8c59c6004fb44a4d9827b9

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:07:58 UTC

Import patches-unapplied version 1.1.26-7ubuntu0.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 05db121c7aad4def550dbca7372ab209dabb64c4

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:07:58 UTC

Import patches-unapplied version 1.1.26-7ubuntu0.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 05db121c7aad4def550dbca7372ab209dabb64c4

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:07:58 UTC

Import patches-unapplied version 1.1.26-7ubuntu0.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 05db121c7aad4def550dbca7372ab209dabb64c4

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:03:10 UTC

Import patches-unapplied version 1.1.26-14ubuntu0.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 1c4292be0da2d57dfc2362cb2132b32cdf604f95

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:03:10 UTC

Import patches-unapplied version 1.1.26-14ubuntu0.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 1c4292be0da2d57dfc2362cb2132b32cdf604f95

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 17:03:10 UTC

Import patches-unapplied version 1.1.26-14ubuntu0.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 1c4292be0da2d57dfc2362cb2132b32cdf604f95

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 16:58:25 UTC

Import patches-unapplied version 1.1.27-1ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 3e2b9dcd4df5a77e7c46c2f8c3315f8e9f683bec

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 16:58:25 UTC

Import patches-unapplied version 1.1.27-1ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 3e2b9dcd4df5a77e7c46c2f8c3315f8e9f683bec

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Marc Deslauriers
Author Date: 2013-03-28 16:58:25 UTC

Import patches-unapplied version 1.1.27-1ubuntu2 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 3e2b9dcd4df5a77e7c46c2f8c3315f8e9f683bec

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - debian/patches/CVE-2012-6139.patch: check for empty values in
      libxslt/functions.c, libxslt/keys.c, add tests in tests/*.
    - CVE-2012-6139

Author: Salvatore Bonaccorso
Author Date: 2013-03-26 19:31:18 UTC

Import patches-unapplied version 1.1.26-14.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1c4292be0da2d57dfc2362cb2132b32cdf604f95

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Upload as NMU acknowledged by Aron Xu.
  * Add patches to fix denial of service vulnerability (CVE-2012-6139)
    (Closes: #703933)

Author: Salvatore Bonaccorso
Author Date: 2013-03-26 19:31:18 UTC

Import patches-applied version 1.1.26-14.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: d4b82d349faa88152803ced6e56f13ee2289cf29
Unapplied parent: e2051ad49d2190f220184c8d0af7299520a348f1

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Upload as NMU acknowledged by Aron Xu.
  * Add patches to fix denial of service vulnerability (CVE-2012-6139)
    (Closes: #703933)

Author: Marc Deslauriers
Author Date: 2012-09-28 19:25:53 UTC

Import patches-unapplied version 1.1.26-6ubuntu0.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: ecfd32bb374c362674bafbc58c06673744eb7a80

New changelog entries:
  * SECURITY UPDATE: information disclosure via generate-id XPath function
    - libxslt/functions.c: do not expose object addresses directly.
    - ecb6bcb8d1b7e44842edde3929f412d46b40c89f
    - CVE-2011-1202
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893

Author: Marc Deslauriers
Author Date: 2012-09-28 19:25:53 UTC

Import patches-unapplied version 1.1.26-6ubuntu0.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: ecfd32bb374c362674bafbc58c06673744eb7a80

New changelog entries:
  * SECURITY UPDATE: information disclosure via generate-id XPath function
    - libxslt/functions.c: do not expose object addresses directly.
    - ecb6bcb8d1b7e44842edde3929f412d46b40c89f
    - CVE-2011-1202
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893

Author: Marc Deslauriers
Author Date: 2012-09-28 19:25:53 UTC

Import patches-unapplied version 1.1.26-6ubuntu0.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: ecfd32bb374c362674bafbc58c06673744eb7a80

New changelog entries:
  * SECURITY UPDATE: information disclosure via generate-id XPath function
    - libxslt/functions.c: do not expose object addresses directly.
    - ecb6bcb8d1b7e44842edde3929f412d46b40c89f
    - CVE-2011-1202
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893

Author: Aron Xu
Author Date: 2012-10-02 15:53:39 UTC

Import patches-unapplied version 1.1.26-14 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ce9369cac0517eb20232072097997f10fe218dda

New changelog entries:
  * Patch to fix three CVEs (Closes: #689422):
    - CVE-2012-2870 by Daniel Veillard and Chris Evans
    - CVE-2012-2871 by Daniel Veillard
    - CVE-2012-2893 by Chris Evans

Author: Stéphane Graber
Author Date: 2012-07-18 19:01:41 UTC

Import patches-unapplied version 1.1.26-8ubuntu1.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 505aa7062862d37cde4db0ba5d018e3afabab950

New changelog entries:
  * debian/control: mark libxslt1-dev as not M-A (LP: #1014197).

Author: Steve Langasek
Author Date: 2011-11-07 20:48:22 UTC

Import patches-unapplied version 1.1.26-8ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 51a666f36e618c6d7b5eba1510e2d48d3f0322e6

New changelog entries:
  * Build for multiarch.

Author: Mike Hommey
Author Date: 2011-03-18 15:11:19 UTC

Import patches-unapplied version 1.1.26-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ab899c72d54c1a6702a4467fb768c00a6b625805

New changelog entries:
  * libxslt/functions.c: Fix generate-id() to not expose object addresses.
    Closes: #617413. Fixes: CVE-2011-1202.

Author: Martin Pitt
Author Date: 2010-12-03 08:05:39 UTC

Import patches-unapplied version 1.1.26-6build1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: ab899c72d54c1a6702a4467fb768c00a6b625805

New changelog entries:
  * No-change upload to drop upstream changelog.

Author: Mike Hommey
Author Date: 2010-08-26 09:42:01 UTC

Import patches-unapplied version 1.1.26-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6f3e2f32ed20f3f405efcc5375cc7eb41377006f

New changelog entries:
  * debian/python-libxslt1-dbg.preinst: Add preinst snippet to remove
    /usr/share/doc/python-libxslt1-dbg symlink on Ubuntu. This is an
    Ubuntu-only fix, but allows Ubuntu to just use the Debian package
    without further modifications.
    Closes: #587910

Author: Mike Hommey
Author Date: 2010-08-26 09:42:01 UTC

Import patches-unapplied version 1.1.26-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6f3e2f32ed20f3f405efcc5375cc7eb41377006f

New changelog entries:
  * debian/python-libxslt1-dbg.preinst: Add preinst snippet to remove
    /usr/share/doc/python-libxslt1-dbg symlink on Ubuntu. This is an
    Ubuntu-only fix, but allows Ubuntu to just use the Debian package
    without further modifications.
    Closes: #587910

Author: Matthias Klose
Author Date: 2010-01-19 12:15:06 UTC

Import patches-unapplied version 1.1.26-1ubuntu1 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 51372c6085e5ac43df6f91486ab3d6f056461258

New changelog entries:
  * Merge with Debian; remaining changes:
    Build a python-libxslt1-dbg package.

Author: Matthias Klose
Author Date: 2009-02-22 11:31:19 UTC

Import patches-unapplied version 1.1.24-2ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: e9755265a2890784a3a903d12b35fad73d558fbb

New changelog entries:
  * Build for python2.6.

Author: Matthias Klose
Author Date: 2009-02-22 11:31:19 UTC

Import patches-unapplied version 1.1.24-2ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: e9755265a2890784a3a903d12b35fad73d558fbb

New changelog entries:
  * Build for python2.6.

Author: Matthias Klose
Author Date: 2009-02-22 11:31:19 UTC

Import patches-unapplied version 1.1.24-2ubuntu2 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: e9755265a2890784a3a903d12b35fad73d558fbb

New changelog entries:
  * Build for python2.6.