Your message dated Thu, 21 Aug 2025 17:48:07 +0000
with message-id <[email protected]>
and subject line Bug#1108074: fixed in libxslt 1.1.35-1+deb12u2
has caused the Debian Bug report #1108074,
regarding libxslt: CVE-2023-40403
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1108074: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxslt
Version: 1.1.35-1.2
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.1.35-1+deb12u1
Control: found -1 1.1.35-1
Hi,
The following vulnerability was published for libxslt.
CVE-2023-40403[0]:
| The issue was addressed with improved memory handling. This issue is
| fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7,
| macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma
| 14. Processing web content may disclose sensitive information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-40403
https://www.cve.org/CVERecord?id=CVE-2023-40403
[1] https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
[2] https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d
[3] https://gitlab.gnome.org/GNOME/libxslt/-/issues/94#note_1855467
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxslt
Source-Version: 1.1.35-1+deb12u2
Done: Aron Xu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Aug 2025 01:31:08 +0800
Source: libxslt
Architecture: source
Version: 1.1.35-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Aron Xu <[email protected]>
Closes: 1108074 1109123
Changes:
libxslt (1.1.35-1+deb12u2) bookworm-security; urgency=high
.
* Fix information disclosure with improved memory handling of generated-id()
  (Closes: #1108074, CVE-2023-40403)
* Fix type confusion in xmlNode.psvi between stylesheet and source nodes
  (Closes: #1109123, CVE-2025-7424)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---