On Thu, Apr 11, 2019 at 10:46:05PM +0200, Salvatore Bonaccorso wrote:
> Source: libxslt
> Version: 1.1.32-2
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.gnome.org/GNOME/libxslt/issues/12
>
> Hi,
>
> The following vulnerability was published for libxslt.
>
> CVE-2019-11068[0]:
> | libxslt through 1.1.33 allows bypass of a protection mechanism because
> | callers of xsltCheckRead and xsltCheckWrite permit access even upon
> | receiving a -1 error code. xsltCheckRead can return -1 for a crafted
> | URL that is not actually invalid and is subsequently loaded.

I submitted an MR at salsa.

Cheers,
Moritz
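
The caller pattern named in the CVE text quoted above, as an added example that is not part of the original message and is not libxslt's code. `check_read` is a hypothetical stand-in for a tri-state check (1 allow, 0 deny, -1 error) with a constructed error condition and constructed URLs; the two `load_*` callers contrast fail-open and fail-closed handling of -1.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 72 characters, longer than the stand-in accepts. */
static const char LONG_URL[] = "file:///tmp/"
    "xxxxxxxxxx" "xxxxxxxxxx" "xxxxxxxxxx"
    "xxxxxxxxxx" "xxxxxxxxxx" "xxxxxxxxxx";

/* Hypothetical stand-in for a tri-state policy check (not libxslt code):
 * 1 = allowed, 0 = denied, -1 = the check itself failed. */
static int check_read(const char *url)
{
    if (url == NULL || strlen(url) > 64)  /* constructed error condition */
        return -1;
    if (strncmp(url, "file:///srv/xsl/", 16) == 0)
        return 1;
    return 0;
}

/* Caller pattern from the CVE text: only 0 refuses, so -1 falls through. */
static int load_fail_open(const char *url)
{
    int res = check_read(url);
    if (res == 0)
        return 0;   /* refused */
    return 1;       /* loaded, including when res == -1 */
}

/* Fail-closed caller: anything but an explicit allow is refused. */
static int load_fail_closed(const char *url)
{
    int res = check_read(url);
    if (res <= 0)
        return 0;   /* refused on deny and on error */
    return 1;
}

int main(void)
{
    const char *urls[] = { "file:///srv/xsl/a.xsl", "file:///home/u/x.xml", LONG_URL };
    for (size_t i = 0; i < sizeof urls / sizeof urls[0]; i++)
        printf("check=%2d open=%d closed=%d\n", check_read(urls[i]),
               load_fail_open(urls[i]), load_fail_closed(urls[i]));
    return 0;
}
```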