-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libxslt Version : 1.1.28-2+deb8u4 CVE ID : CVE-2019-11068 Debian Bug : #926895
It was discovered that there was a authentication bypass vulnerability in libxslt, a widely-used library for transforming files from XML to other arbitrary format. The xsltCheckRead and xsltCheckWrite routines permitted access upon receiving an-1 error code and (as xsltCheckRead returned -1 for a specially-crafted URL that is not actually invalid) the attacker was subsequently authenticated. For Debian 8 "Jessie", this issue has been fixed in libxslt version 1.1.28-2+deb8u4. We recommend that you upgrade your libxslt packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAly0rE4ACgkQHpU+J9Qx Hlg1Vg/8D+4zAN887+Grk7O0mgxnphSiJjVueeeC4DUEYAoAk6dgv4WCe951/avL RWvxpPVYmVnbg66MzWAyZiY3zNEDsj5G1tBtCJfQx8ITuVOh/W20IxANCOdnN8fw FaEoYbAj4OiAcuR+exWw/JuUUkByEQzHVssrbISlB0SoQpoOe+tBB1kAyuCc01SX UyEWIXWFYw9Oj2VQEvCAx7E4uSfQ9clFWpnyR27cValR5NrYCYKKq4exXr4/JxAt fNhRGgioiMisC5d4vZNp3K+Go+v0vydHDGSTFvK8+KccnUi9T+ioqVQFdq5HHlOk fOkaxxrtrgDgN4xMVQrhgSL1XFn7/UOqUOqkTRNLUfnwbL8+Ye3E/W2Mnv+J42ng 09l7t41eBWn6KyNbCsgk3DTthZ42TMoaJQHbaNNL4OCRnubbH132nY3VQp1OGrYX 6Mr0TdkDudSNsRu473vFw11ShYEmEjvXgpNYmVKMj7k4l2TXSjjw3e+MZOMIe99K r8QYrfZzoHk4yXbzodFr9rv2pwVvowwboZWqpgg/OBnOiKj+thBec8Qp8cj+ctrg YqYlncIQ2SlaWuIO/ni7k3dnLijWmoTad7XWiTyqMomJpeBg122NKKVPxFTFgcHK yW4umtmPcngIGaSlQiuhNL9R8jWmym7GuAY8Qw1FiRdJJipEhdA= =67Zv -----END PGP SIGNATURE-----