[CVE-2008-1767] Buffer overflow in libxslt

Bug #235909 reported by Till Ulen
Affects            Status         Importance   Assigned to   Milestone
libxslt (Debian)   Fix Released   Unknown
libxslt (Ubuntu)   Fix Released   Low          Kees Cook
  Dapper           Fix Released   Low          Kees Cook
  Feisty           Fix Released   Low          Kees Cook
  Gutsy            Fix Released   Low          Kees Cook
  Hardy            Fix Released   Low          Kees Cook
  Intrepid         Fix Released   Low          Kees Cook

Bug Description

CVE-2008-1767 description:

"It was discovered that libxslt, an XSLT processing runtime library,
could be coerced into executing arbitrary code via a buffer overflow
when an XSL style sheet file with a long XSLT "transformation match"
condition triggered a large number of steps."

http://www.debian.org/security/2008/dsa-1589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767

Changed in libxslt:
status: Unknown → Fix Released
Kees Cook (kees) wrote:

This has been published: http://www.ubuntu.com/usn/usn-633-1

Changed in libxslt:
assignee: nobody → kees
importance: Undecided → Low
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.