Chris Evans discovered a heap address leak in XSLT The bug is in the generate-id() XPath function, and is sometimes used in XSL transforms. This is a low severity information leak, that does not corrupt anything, However it can be paired with other bugs and can be perhaps used as an exploit aid against ASLR. References: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f https://bugzilla.redhat.com/show_bug.cgi?id=684386
+*libxslt-1.1.26-r1 (12 Mar 2011) + + 12 Mar 2011; Pacho Ramos <pacho@gentoo.org> +libxslt-1.1.26-r1.ebuild, + +files/libxslt-1.1.26-id-generation.patch: + Fix heap address leak (CVE-2011-1202). +
Thank you. Arches, please stabilize =dev-libs/libxslt-1.1.26-r1
ppc/ppc64 stable
amd64 ok
x86 stable
amd64 done. Thanks Agostino
Stable on alpha
Stable for HPPA.
arm/ia64/s390/sh/sparc stable
Thanks, everyone. GLSA Vote: no.
Vote: no, closing noglsa.