ubuntu/+source/libxslt:ubuntu/precise-security

Last commit made on 2017-04-27
Get this branch:
git clone -b ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/libxslt
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/precise-security
Repository:
lp:ubuntu/+source/libxslt

Recent commits

6f1f321... by Steve Beattie on 2017-04-27

Import patches-unapplied version 1.1.26-8ubuntu1.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4890a44cd3e92893e73cc647a35819cb4d9c53c1

New changelog entries:
  * SECURITY UPDATE: type-confusion leading to denial of service
    - libxslt/preproc.c: check that the parent node is an element
      before dereferencing its namespace
    - 7ca19df892ca22d9314e95d59ce2abdeff46b617
    - CVE-2015-7955
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libxslt/numbers.c: precompile patterns in xsl:number (prereq),
      special case namespace nodes in xsltNumberFormatGetMultipleLevel
      libxslt/preproc.c, numbersInternals.h: precompile patterns
      in xsl:number (prereq change)
      tests/docs/bug-186*: add testcase
    - Prereq commits: 0d6713d715509da1fec27bec220d43aa4fc48d0f,
      102099fb3bc0b29ede7dadc6388337ef4de59a74
    - d182d8f6ba3071503d96ce17395c9d55871f0242
    - CVE-2016-1683
  * SECURITY UPDATE: integer overflow
    - libxslt/numbers.c: add lower and upper bounds for 'i' and 'a'
      format tokens
    - 91d0540ac9beaa86719a05b749219a69baa0dd8d
    - 405034286fbdd6166229335b7203a41bf53b40fc
    - CVE-2016-1684
  * SECURITY UPDATE: use-after-free in xsltDocumentFunctionLoadDocument
    - libxslt/functions.c: adjust xmlFree() call
      tests/docs/bug-185*, tests/general/bug-185*: add test cases
    - fc1ff481fd01e9a65a921c542fed68d8c965e8a3
    - CVE-2016-1841
  * SECURITY UPDATE: heap information leak
    - libxslt/numbers.c: check for empty decimal separator.
    - eb1030de31165b68487f288308f9d1810fed6880
    - CVE-2016-4738
  * SECURITY UPDATE: integer overflow in libxslt.
    - libxslt/transform.c, libxslt/xsltInternals.h: limit buffer size
      in xsltAddTextString to INT_MAX.
    - 08ab2774b870de1c7b5a48693df75e8154addae5
    - CVE-2017-5029
  * SECURITY UPDATE: double free in hash functions
    - libexslt/crypto.c: remove duplicate free calls
    - d8862309f08054218b28e2c8f5fb3cb2f650cac7
  * SECURITY UPDATE: NULL pointer dereference in Saxon
    - libexslt/saxon.c: fix error handling in Saxon extension functions
      configure.in, tests/exslt/Makefile.am, tests/exslt/saxon/:
      add test cases
    - ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
  * SECURITY UPDATE: out-of-bounds heap memory access
    - libexslt/dynamic.c: use correct type for namespace nodes in
      exsltDynMapFunction
      tests/exslt/dynamic/dynmap*: add testcase
    - 93bb314768aafaffad1df15bbee10b7c5423e283
  * SECURITY UPDATE: out-of-bounds heap read memory access
    - libexslt/saxon.c: do not pass namespace "nodes" to xmlGetLineNo
      tests/exslt/saxon/Makefile.am, tests/exslt/saxon/lineno.1*:
      add test case
    - 8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
  * SECURITY UPDATE: stack-based buffer overflow in exsltDateFormat
    - libexslt/date.c: make stack buffer larger
    - 5d0c6565bab5b9b7efceb33b626916d22b4101a7
  * SECURITY UPDATE: out-of-bounds heap read in xsltExtModuleRegisterDynamic
    - libxslt/extensions.c: correct stripping of unwanted characters
    - 87c3d9ea214fc0503fd8130b6dd97431d69cc066

4890a44... by Marc Deslauriers on 2013-03-28

Import patches-unapplied version 1.1.26-8ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 01789e925e23741e42eec542692209f5eb14aa8e

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed stylesheet
    - libxslt/functions.c, libxslt/keys.c: check for empty values
      tests/*: add tests
    - dc11b6b379a882418093ecc8adf11f6166682e8d
    - 6c99c519d97e5fcbec7a9537d190efb442e4e833
    - CVE-2012-6139

01789e9... by Marc Deslauriers on 2012-09-28

Import patches-unapplied version 1.1.26-8ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 92c830766ce4c117a19a7ee976a53d8674034800

New changelog entries:
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/pattern.c: fix improper loop exit.
    - fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b
    - CVE-2011-3970
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - libxslt/xsltutils.h: check for XML_ELEMENT_NODE
    - e6a0bc8081271f33b9899eb78e1da1a2a0428419
    - CVE-2012-2825
  * SECURITY UPDATE: denial of service via crafted XSLT expression
    - harden code in libexslt/functions.c, libxslt/attributes.c,
      libxslt/functions.c, libxslt/pattern.c, libxslt/preproc.c,
      libxslt/templates.c, libxslt/transform.c, libxslt/variables.c,
      libxslt/xslt.c, libxslt/xsltutils.c.
    - 8566ab4a10158d195adb5f1f61afe1ee8bfebd12
    - 4da0f7e207f14a03daad4663865c285eb27f93e9
    - 24653072221e76d2f1f06aa71225229b532f8946
    - 1564b30e994602a95863d9716be83612580a2fed
    - CVE-2012-2870
  * SECURITY UPDATE: denial of service and possible code execution during
    handling of XSL transforms
    - libxslt/transform.c: check for XML_NAMESPACE_DECL
    - 937ba2a3eb42d288f53c8adc211bd1122869f0bf
    - CVE-2012-2871
  * SECURITY UPDATE: denial of service and possible code execution via
    double free during XSL transforms
    - libxslt/templates.c: Fix dictionary string usage
    - 54977ed7966847e305a2008cb18892df26eeb065
    - CVE-2012-2893

92c8307... by Stéphane Graber on 2012-07-18

Import patches-unapplied version 1.1.26-8ubuntu1.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 505aa7062862d37cde4db0ba5d018e3afabab950

New changelog entries:
  * debian/control: mark libxslt1-dev as not M-A (LP: #1014197).

505aa70... by Steve Langasek on 2011-11-07

Import patches-unapplied version 1.1.26-8ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 51a666f36e618c6d7b5eba1510e2d48d3f0322e6

New changelog entries:
  * Build for multiarch.

51a666f... by Mike Hommey on 2011-07-29

Import patches-unapplied version 1.1.26-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9ccfbf4b79b8ab25acbadd80b8168ecf5c6ba5b8

New changelog entries:
  * debian/rules:
    - Empty dependency_libs in .la files. Closes: #633337.
    - Add --with python2 to dh call.
  * debian/control:
    - Remove build dependency on python-support.
    - Build depend on python-all-dev >= 2.6.6-3~.
    - Remove XB-Python-Version header.
    - Bump Standards-Version to 3.9.2.0. No changes required.
  * debian/pycompat: Removed.

9ccfbf4... by Mike Hommey on 2011-03-18

Import patches-unapplied version 1.1.26-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ab899c72d54c1a6702a4467fb768c00a6b625805

New changelog entries:
  * libxslt/functions.c: Fix generate-id() to not expose object addresses.
    Closes: #617413. Fixes: CVE-2011-1202.

ab899c7... by Mike Hommey on 2010-08-26

Import patches-unapplied version 1.1.26-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6f3e2f32ed20f3f405efcc5375cc7eb41377006f

New changelog entries:
  * debian/python-libxslt1-dbg.preinst: Add preinst snippet to remove
    /usr/share/doc/python-libxslt1-dbg symlink on Ubuntu. This is an
    Ubuntu-only fix, but allows Ubuntu to just use the Debian package
    without further modifications.
    Closes: #587910

6f3e2f3... by Mike Hommey on 2010-06-29

Import patches-unapplied version 1.1.26-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8ac5d1f40b35cef7f3f4e1e7d48e9b734b5b86cf

New changelog entries:
  * debian/rules: Avoid possible renaming of _d.so files to _d_d.so files in
    the install-python%-dbg rules.
  * debian/control:
    - Add missing dependency on python-libxml2-dbg to python-libxslt1-dbg.
    - Remove old Conflicts/Replaces for packages that have disappeared before
      etch.
    - Bump Standards-Version to 3.9.0.0.
    - Add Homepage.
    - Add Vcs-{Git,Browser} fields.

8ac5d1f... by Mike Hommey on 2010-06-28

Import patches-unapplied version 1.1.26-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 118d5329e7f8ae404fbae6c73ceb80ba5790305d

New changelog entries:
  * debian/rules:
    - Refactor configure-% and build-% rules.
    - Hack to link with -Wl,--as-needed.
  * debian/python-libxslt1.install: Don't hardcode site-/dist-packages in
    .install. Cope with builds which don't have any dist-packages (or
    site-packages) based python versions. Thanks Loïc Minier.
  * debian/control:
    - Add missing XB-Python-Version to python-libxslt1.
    - Mention the version of XSLT implemented. Closes: #579244.
    - Fix typo in libxslt1-dev package description. Closes: #579241.
  * debian/control, debian/python-libxslt1-dbg.install, debian/rules: Add a
    python-libxslt1-dbg package.
  * doc/xsltproc.xml, doc/xsltproc.1: Document what happens when there is
    no output and -o is specified. Closes: #539890.