Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 598204 (CVE-2016-4738) - <dev-libs/libxslt-1.1.30: Heap overread due to an empty decimal-separator
Summary: <dev-libs/libxslt-1.1.30: Heap overread due to an empty decimal-separator
Status: RESOLVED FIXED
Alias: CVE-2016-4738
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-27 08:15 UTC by Agostino Sarubbo
Modified: 2018-04-04 01:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-10-27 08:15:04 UTC
From ${URL} :

A heap overread vulnerability was found in xsltFormatNumberConversion function in libxslt. An empty decimal-separator could cause a heap overread. This 
can be exploited to leak a couple of bytes after the buffer that holds the pattern string.

Upstream patch:

https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-09 23:08:35 UTC
Not yet released, https://github.com/GNOME/libxslt/commit/eb1030de31165b68487f288308f9d1810fed6880
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2017-09-05 06:59:05 UTC
This patch made it to 1.1.30 release that I just added to the tree.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-03 23:58:25 UTC
Added to existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-04-04 01:52:42 UTC
This issue was resolved and addressed in
 GLSA 201804-01 at https://security.gentoo.org/glsa/201804-01
by GLSA coordinator Aaron Bauman (b-man).