Upstream patch: http://git.gnome.org/browse/libxslt/patch/libxslt/templates.c?id=54977ed7966847e305a2008cb18892df26eeb065
Already fixed in dev-libs/libxslt-1.1.27; probably it should be stabilized.
(In reply to comment #1)
> Already fixed in dev-libs/libxslt-1.1.27; probably it should be stabilized.
+1
Arches, please go ahead.
Tested amd64: all fine here.
Just a little change to the ebuild. The lines 108 and 109 should be moved into the "if use python" statement you can see few lines before, because if you don't have python USE flag activated, you will see this message at the "installation phase":
mv: cannot stat '/var/tmp/portage/dev-libs/libxslt-1.1.27/image//usr/share/doc/libxslt-python-1.1.27': No such file or directory
(In reply to comment #4)
> Tested amd64: all fine here.
>
> Just a little change to the ebuild. The lines 108 and 109 should be moved
> into the "if use python" statement you can see few lines before, because if
> you don't have python USE flag activated, you will see this message at the
> "installation phase":
>
> mv: cannot stat
> '/var/tmp/portage/dev-libs/libxslt-1.1.27/image//usr/share/doc/libxslt-python-1.1.27':
> No such file or directory
good catch, this is fixed now.
amd64 stable
x86 stable
ppc/ppc64 stable
alpha/arm/ia64/m68k/s390/sh/sparc stable
Stable for HPPA.
Thanks, everyone. GLSA on the way.
CVE-2012-2893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893): Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
This issue was resolved and addressed in GLSA 201401-07 at http://security.gentoo.org/glsa/glsa-201401-07.xml by GLSA coordinator Sergey Popov (pinkbyte).