"There's a bug in libxslt which can result in use-after-free in connection with the <xsl:strip-space> feature. Under certain circumstances, function xsltApplyTemplates can delete text nodes which are still referenced from variables, keys or possibly other data structures." Fix in 1.1.35: https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49e51187a6e928f9ac156a757be6301b61141d5d

commit 49e51187a6e928f9ac156a757be6301b61141d5d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-17 22:51:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-17 22:52:29 +0000

    dev-libs/libxslt: add 1.1.35

    Note that maintainership has officially changed and verify-sig is therefore dropped
    for now as upstream aren't offering PGP signatures for now: https://gitlab.gnome.org/GNOME/libxml2/-/issues/313#note_1387405.

    Closes: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxslt/Manifest              |  1 +
 dev-libs/libxslt/libxslt-1.1.35.ebuild | 63 ++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad676814872917af7dc098f47b0ebb8a106f5d30

commit ad676814872917af7dc098f47b0ebb8a106f5d30
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-18 03:53:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-18 03:53:29 +0000

    profiles: mask =dev-libs/libxslt-1.1.35

    Too strict parsing? Needs more investigation.

    Bug: https://bugs.gentoo.org/833586
    Bug: https://bugs.gentoo.org/833508
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
commit a3e404dae37843c593b242981ea4e5c17b26e656
Author: Sam James <sam@gentoo.org>
Date:   Sat Jan 1 09:34:54 2022 +0000

    dev-libs/libxslt: drop 1.1.34-r1
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=49515c936bcad95017ac696eb33dd49f6f28e9b5

commit 49515c936bcad95017ac696eb33dd49f6f28e9b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 12:53:57 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 12:54:25 +0000

    [ GLSA 202310-23 ] libxslt: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/820722
    Bug: https://bugs.gentoo.org/833508
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-23.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)