brian m. carlson
2008-Jul-31 20:46 UTC
[Secure-testing-team] Bug#493162: libxslt1.1: buffer overflow [CVE-2008-2935]
Package: libxslt1.1
Version: 1.1.24-1
Severity: grave
Tags: security

According to DSA 1624-1:

  Chris Evans discovered that a buffer overflow in the RC4 functions of
  libexslt may lead to the execution of arbitrary code.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libxslt1.1 depends on:
ii  libc6         2.7-13         GNU C Library: Shared libraries
ii  libgcrypt11   1.4.1-1        LGPL Crypto library - runtime libr
ii  libxml2       2.6.32.dfsg-2  GNOME XML library

libxslt1.1 recommends no packages.

libxslt1.1 suggests no packages.

-- no debconf information

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187