Source: libxslt Version: 1.1.32-2.1 Severity: important Tags: security upstream Control: found -1 1.1.32-1 Control: found -1 1.1.32-2.1~deb10u1 Control: found -1 1.1.29-1 Control: found -1 1.1.29-2.1+deb9u1
Hi, The following vulnerability was published for libxslt. CVE-2019-18197[0]: | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable | isn't reset under certain circumstances. If the relevant memory area | happened to be freed and reused in a certain way, a bounds check could | fail and memory outside a buffer could be written to, or uninitialized | data could be disclosed. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197 [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 [2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768 [3] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914 [4] https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285 Please adjust the affected versions in the BTS as needed. Regards, Salvatore