[Buildroot] [PATCH] package/libxslt: add upstream security fix for CVE-2019-11068

Peter Korsgaard peter at korsgaard.com
Fri Apr 26 12:58:10 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2019-11068: libxslt through 1.1.33 allows bypass of a protection
 >   mechanism because callers of xsltCheckRead and xsltCheckWrite permit
 >   access even upon receiving a -1 error code.  xsltCheckRead can return -1
 >   for a crafted URL that is not actually invalid and is subsequently loaded.

 > Upstream bugtracker issue not yet public:
 > https://gitlab.gnome.org/GNOME/libxslt/issues/12

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list