Your message dated Wed, 13 Aug 2025 11:52:15 +0000
with message-id <[email protected]>
and subject line Bug#1109123: fixed in libxslt 1.1.35-2
has caused the Debian Bug report #1109123,
regarding libxslt: CVE-2025-7424
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109123: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109123
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxslt
Version: 1.1.35-1.2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libxslt.
CVE-2025-7424[0]:
| A flaw was found in the libxslt library. The same memory field,
| psvi, is used for both stylesheet and input data, which can lead to
| type confusion during XML transformations. This vulnerability allows
| an attacker to crash the application or corrupt memory. In some
| cases, it may lead to denial of service or unexpected behavior.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-7424
https://www.cve.org/CVERecord?id=CVE-2025-7424
[1] https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.35-2
Done: Aron Xu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Aug 2025 19:12:53 +0800
Source: libxslt
Architecture: source
Version: 1.1.35-2
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Aron Xu <[email protected]>
Closes: 1108074 1109123
Changes:
libxslt (1.1.35-2) unstable; urgency=medium
.
* Fix information disclosure with improved memory handling of generated-id()
(Closes: #1108074, CVE-2023-40403)
* Fix type confusion in xmlNode.psvi between stylesheet and source nodes
(Closes: #1109123, CVE-2025-7424)
* debian/control: replace pkg-config with pkgconf
Checksums-Sha1:
7e7d1fa8bbcf590fd5a1e8a2b78a9dd0264e08f5 1807 libxslt_1.1.35-2.dsc
cc382a162396393445247afc721d1a0157fe29b5 30452 libxslt_1.1.35-2.debian.tar.xz
7ef4ea789bb4489a14a33f3d40ed9372e4027127 5434 libxslt_1.1.35-2_source.buildinfo
Checksums-Sha256:
55c920734caf320fa42db56af74494971b64870e6812d2b48d5fbbc1cf3a7cb1 1807
libxslt_1.1.35-2.dsc
3b04dd320c662722081be4bba02e628cb4150443469f4a4e58e78986b77f9dbf 30452
libxslt_1.1.35-2.debian.tar.xz
deda547525b37e850d52c79ef538b565fbeeeb8ebc50348c723ace54fc8f5b36 5434
libxslt_1.1.35-2_source.buildinfo
Files:
a2f9289c40d5a864714df7a935b73440 1807 text optional libxslt_1.1.35-2.dsc
0ce882a0b3da5afb3fc42d823b73469c 30452 text optional
libxslt_1.1.35-2.debian.tar.xz
9ed42bb3045eab55c810e45df0633051 5434 text optional
libxslt_1.1.35-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmiceIkACgkQNP8o68vM
TMi1awgAl2V4cfa2VdcCylKlNI2WC9xjlxS7/lFoAzuaYxDsJ6HG+OMdXR85ACx7
dVV39TZPkCTi9A76T8IcjVYZmNoc2amxB0+SwVrfVSTxt6i36VKVXN8CcjWd8NXP
JpvxTVo+5D+faMPTcslJpMRP/wQP1FldW4SU+WegOZwqE5EkDQr3vmv6lHS4Kcle
5ojp2nSTxiErfji12aHivgXfppmk6x347xOHhP7A/9McSELPDHr99gNtFaFGfvTX
9F0izCcekbD8FNqDbUhz3Yerhl4VN1ovVHITBV7exFxkHpnXOFf3X1gEjb5DZbq4
V5WawA6dTabSF63/6LW0qMa2uAsTMQ==
=2q97
-----END PGP SIGNATURE-----
pgp0WqbpR0J4b.pgp
Description: PGP signature
--- End Message ---
