[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2016-4608,libxslt: Jessie has been fixed already

Mon, 22 Jul 2019 05:41:37 -0700 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
586fcf1e by Markus Koschany at 2019-07-22T12:38:57Z
CVE-2016-4608,libxslt: Jessie has been fixed already

This issue was fixed in version 1.1.28-2+deb8u1 by applying the

0018-Fix-buffer-overflow-in-exsltDateFormat.patch.

- - - - -
27f071c3 by Markus Koschany at 2019-07-22T12:40:10Z
CVE-2019-13118,CVE-2019-13117,libxslt: remove no-dsa tags for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3436,7 +3436,6 @@ CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type 
holding grouping characte
        - libxslt <unfixed> (low; bug #931320)
        [buster] - libxslt <no-dsa> (Minor issue)
        [stretch] - libxslt <no-dsa> (Minor issue)
-       [jessie] - libxslt <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
        NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
@@ -3444,7 +3443,6 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an 
xsl:number with certain forma
        - libxslt <unfixed> (low; bug #931321)
        [buster] - libxslt <no-dsa> (Minor issue)
        [stretch] - libxslt <no-dsa> (Minor issue)
-       [jessie] - libxslt <no-dsa> (Minor issue)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
        NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
@@ -160502,6 +160500,7 @@ CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS 
X before 10.11.6, iTunes be
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
 (v1.1.29-rc1)
 CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before  ...)
        - libxslt 1.1.29-1
+       [jessie] - libxslt 1.1.28-2+deb8u1
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5b9b7efceb33b626916d22b4101a7
 (v1.1.29-rc1)
 CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before  ...)
        NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3ebacbfecd38b52462a3a33c93f2427b24a610b...27f071c374cf254fb9ebf7faa0685bdd797bc230

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d3ebacbfecd38b52462a3a33c93f2427b24a610b...27f071c374cf254fb9ebf7faa0685bdd797bc230
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to