Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 358615 (CVE-2011-1202) - <dev-libs/libxslt-1.1.26-r1: Heap address leak (CVE-2011-1202)
Summary: <dev-libs/libxslt-1.1.26-r1: Heap address leak (CVE-2011-1202)
Alias: CVE-2011-1202
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: A4 [noglsa]
Depends on:
Reported: 2011-03-12 20:41 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2012-03-05 07:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-12 20:41:40 UTC
Chris Evans discovered a heap address leak in XSLT
The bug is in the generate-id() XPath function, and is 
sometimes used in XSL transforms. 
This is a low severity information leak, that does not
corrupt anything, However it can be paired with other 
bugs and can be perhaps used as an exploit aid against

Comment 1 Pacho Ramos gentoo-dev 2011-03-12 20:59:11 UTC
+*libxslt-1.1.26-r1 (12 Mar 2011)
+  12 Mar 2011; Pacho Ramos <> +libxslt-1.1.26-r1.ebuild,
+  +files/libxslt-1.1.26-id-generation.patch:
+  Fix heap address leak (CVE-2011-1202).
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-13 08:41:22 UTC
Thank you. Arches, please stabilize =dev-libs/libxslt-1.1.26-r1
Comment 3 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-03-13 12:18:50 UTC
ppc/ppc64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2011-03-13 13:23:33 UTC
amd64 ok
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2011-03-13 14:33:34 UTC
x86 stable
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2011-03-13 15:49:06 UTC
amd64 done. Thanks Agostino
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2011-03-13 19:01:28 UTC
Stable on alpha
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-15 15:40:45 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-03-18 17:31:30 UTC
arm/ia64/s390/sh/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-03-19 22:41:31 UTC
Thanks, everyone. GLSA Vote: no.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2011-03-29 19:51:16 UTC
Vote: no, closing noglsa.