shredos.x86_64/package/libxslt/0001-Fix-security-framework-bypass.patch at fc75f57504bd2cae9445bed07b0e2de548c9514c

mirror of https://github.com/PartialVolume/shredos.x86_64.git synced 2026-02-24 03:22:11 +00:00

Files

Peter Korsgaard 73edd3c21c package/libxslt: add upstream security fix for CVE-2019-11068

Fixes the following security issue:

- CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection
  mechanism because callers of xsltCheckRead and xsltCheckWrite permit
  access even upon receiving a -1 error code.  xsltCheckRead can return -1
  for a crafted URL that is not actually invalid and is subsequently loaded.

Upstream bugtracker issue not yet public:
https://gitlab.gnome.org/GNOME/libxslt/issues/12

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

2019-04-24 21:16:25 +02:00

3.9 KiB

Raw Blame History

View Raw

3.9 KiB Raw Blame History

3.9 KiB

Raw Blame History