Hi Aron!
On Tue, Mar 26, 2013 at 04:05:16PM +0800, Aron Xu wrote:
Hi,
Please go ahead with NMU, and thank you very much!
Uploaded now the package with the patch. Here again for reference in
case you want to commit it to the git repo.
Regards and thanks for the ack. With that I uploaded without the
delaying queue.
Salvatore
diff -Nru libxslt-1.1.26/debian/changelog libxslt-1.1.26/debian/changelog
--- libxslt-1.1.26/debian/changelog 2012-10-02 17:55:02.0 +0200
+++ libxslt-1.1.26/debian/changelog 2013-03-26 20:43:41.0 +0100
@@ -1,3 +1,12 @@
+libxslt (1.1.26-14.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Upload as NMU acknowledged by Aron Xu.
+ * Add patches to fix denial of service vulnerability (CVE-2012-6139)
+(Closes: #703933)
+
+ -- Salvatore Bonaccorso car...@debian.org Tue, 26 Mar 2013 20:31:18 +0100
+
libxslt (1.1.26-14) unstable; urgency=low
* Patch to fix three CVEs (Closes: #689422):
diff -Nru
libxslt-1.1.26/debian/patches/0009-Fix-crash-with-empty-xsl-key-match-attribute.patch
libxslt-1.1.26/debian/patches/0009-Fix-crash-with-empty-xsl-key-match-attribute.patch
---
libxslt-1.1.26/debian/patches/0009-Fix-crash-with-empty-xsl-key-match-attribute.patch
1970-01-01 01:00:00.0 +0100
+++
libxslt-1.1.26/debian/patches/0009-Fix-crash-with-empty-xsl-key-match-attribute.patch
2013-03-26 20:43:41.0 +0100
@@ -0,0 +1,64 @@
+From dc11b6b379a882418093ecc8adf11f6166682e8d Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer wellnho...@aevum.de
+Date: Sun, 21 Oct 2012 19:02:25 +0200
+Subject: [PATCH] Fix crash with empty xsl:key/@match attribute
+
+See https://bugzilla.gnome.org/show_bug.cgi?id=685328
+
+Also improve some xsl:key error messages.
+---
+ libxslt/keys.c | 16 +++-
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+--- a/libxslt/keys.c
b/libxslt/keys.c
+@@ -311,8 +311,8 @@
+ end = skipPredicate(match, end);
+ if (end = 0) {
+ xsltTransformError(NULL, style, inst,
+- key pattern is malformed: %s,
+- key-match);
++ xsl:key : 'match' pattern is malformed: %s,
++ key-match);
+ if (style != NULL) style-errors++;
+ goto error;
+ }
+@@ -321,7 +321,7 @@
+ }
+ if (current == end) {
+ xsltTransformError(NULL, style, inst,
+- key pattern is empty\n);
++ xsl:key : 'match' pattern is empty\n);
+ if (style != NULL) style-errors++;
+ goto error;
+ }
+@@ -344,6 +344,12 @@
+ }
+ current = end;
+ }
++if (pattern == NULL) {
++xsltTransformError(NULL, style, inst,
++ xsl:key : 'match' pattern is empty\n);
++if (style != NULL) style-errors++;
++goto error;
++}
+ #ifdef WITH_XSLT_DEBUG_KEYS
+ xsltGenericDebug(xsltGenericDebugContext,
+ resulting pattern %s\n, pattern);
+@@ -359,14 +365,14 @@
+ key-comp = xsltXPathCompile(style, pattern);
+ if (key-comp == NULL) {
+ xsltTransformError(NULL, style, inst,
+- xsl:key : XPath pattern compilation failed '%s'\n,
++ xsl:key : 'match' pattern compilation failed '%s'\n,
+pattern);
+ if (style != NULL) style-errors++;
+ }
+ key-usecomp = xsltXPathCompile(style, use);
+ if (key-usecomp == NULL) {
+ xsltTransformError(NULL, style, inst,
+- xsl:key : XPath pattern compilation failed '%s'\n,
++ xsl:key : 'use' expression compilation failed '%s'\n,
+use);
+ if (style != NULL) style-errors++;
+ }
diff -Nru
libxslt-1.1.26/debian/patches/0010-Crash-when-passing-an-uninitialized-variable-to-docu.patch
libxslt-1.1.26/debian/patches/0010-Crash-when-passing-an-uninitialized-variable-to-docu.patch
---
libxslt-1.1.26/debian/patches/0010-Crash-when-passing-an-uninitialized-variable-to-docu.patch
1970-01-01 01:00:00.0 +0100
+++
libxslt-1.1.26/debian/patches/0010-Crash-when-passing-an-uninitialized-variable-to-docu.patch
2013-03-26 20:43:41.0 +0100
@@ -0,0 +1,85 @@
+From 6c99c519d97e5fcbec7a9537d190efb442e4e833 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer wellnho...@aevum.de
+Date: Wed, 10 Oct 2012 12:09:36 +0200
+Subject: [PATCH] Crash when passing an uninitialized variable to document()
+
+https://bugzilla.gnome.org/show_bug.cgi?id=685330
+
+Missing check for NULL
+---
+ libxslt/functions.c |5 +++--
+ tests/docs/Makefile.am|1 +
+ tests/docs/bug-180.xml|2 ++
+ tests/general/Makefile.am |1 +
+ tests/general/bug-180.err |4
+ tests/general/bug-180.xsl |8
+ 6 files changed, 19 insertions(+), 2 deletions(-)
+ create mode 100644
