-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libxslt Version : 1.1.28-2+deb8u6 CVE ID : CVE-2019-18197 Debian Bug : 942646
A security vulnerability was discovered in libxslt, a XSLT 1.0 processing library written in C. In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. For Debian 8 "Jessie", this problem has been fixed in version 1.1.28-2+deb8u6. We recommend that you upgrade your libxslt packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl22CYBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTX9Q/8CCt6d67BMGs+NR4nYlV4ZTzQWfBm4LlP3WhMC7apuW5muq7KLbTWel72 u2/7g7ZDsUSIhtLdJIWUs0BktvYfJuAXBwMnrVfVvGORmqTb43WjV14PTvCCiylX fD947c1crkFEw8vVLAGJZl33Y6PNdJjkz4Ko26avEYrt/yeuS3RKR1TV0lR4SIZx moswzfCVVtxKOmL756ItaOWc3wEB5SM7NlWFHho9Gp0QaETo4EBrBsvEGMu3Mndh 8ReliCfd/RBFOxFeEktjaQxHyuLOfMrIXm0M/hZr/6apRPWDC4wAZVUGlibDingZ RgAmtlHZ5dbw03EpJpelqPcpAlZFOeb133c2cKsV0FkJtL/n2NepxJg76d3B6/pi 50/pEyolch48mSABf03LdbAiWj9Xn+XqIWJQv+X75aBV/mqE7r2F1dlhPVKaIdFI zCKmWOBZvtHCgGNy6YXxkPO4FNqUMONUfB74pKJAqg4cfeY/8h/nUmrMxxBVtNt2 noWLzbN6I8rd7HrHJZD+JwRkaOf/F+bGRyUksrnXIuhv5PNlmLu7mPI+S19l2HJk LVrpvPE36HQUZPzYq5cGaCQqtKRCt94+ZUr/qsh/ysFL2E8EcSgdHKzmRV/u24bY Kn52ixPvmMsGNFznU0nQ7IU8Kj4OaVibJdofGjb3T6TwLx5NE2Q= =T7al -----END PGP SIGNATURE-----
