• Bug#1100565: libxslt: diff for NMU version 1.1.35-1.2

    From Salvatore Bonaccorso@21:1/5 to All on Sat Mar 15 14:30:01 2025
    Control: tags 1100565 + patch
    Control: tags 1100565 + pending
    Control: tags 1100566 + patch
    Control: tags 1100566 + pending


    Dear maintainer,

    I've prepared an NMU for libxslt (versioned as 1.1.35-1.2) and
    uploaded it to DELAYED/2. Please feel free to tell me if I
    should delay it longer.

    The 2-day delay is not really conforming to the NMU rules so if you
    want me to cancel let me know. My aim is to get the same changes into
    bookworm but ideally before first exposing it in unstable, so the
    short time. But I will happily adapt as you want me to.

    Regards,
    Salvatore

    diff -Nru libxslt-1.1.35/debian/changelog libxslt-1.1.35/debian/changelog
    --- libxslt-1.1.35/debian/changelog 2024-07-09 13:56:17.000000000 +0200
    +++ libxslt-1.1.35/debian/changelog 2025-03-15 14:03:26.000000000 +0100
    @@ -1,3 +1,12 @@
    +libxslt (1.1.35-1.2) unstable; urgency=medium
    +
    + * Non-maintainer upload.
    + * Fix UAF related to excluded namespaces (CVE-2024-55549) (Closes: #1100565) + * Fix use-after-free of XPath context node (CVE-2025-24855)
    + (Closes: #1100566)
    +
    + -- Salvatore Bonaccorso <carnil@debian.org> Sat, 15 Mar 2025 14:03:26 +0100 +
    libxslt (1.1.35-1.1) unstable; urgency=medium

    * Non-maintainer upload.
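
Review bot: the header line of the new 1.1.35-1.2 entry sets urgency=medium, although both changelog items are use-after-free fixes carrying CVE ids (CVE-2024-55549 and CVE-2025-24855). If the fixes should migrate to testing quickly, consider urgency=high; otherwise a short word on why medium is sufficient would help. The two items also do not name the files added under debian/patches, so a reader of the changelog cannot map each CVE to its patch. Adding the patch file name to each item (for example the 0012-CVE-2024-55549-... file added by this diff) would make that mapping explicit.
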
    diff -Nru libxslt-1.1.35/debian/patches/0012-CVE-2024-55549-Fix-UAF-related-to-excluded-namespace.patch libxslt-1.1.35/debian/patches/0012-CVE-2024-55549-Fix-UAF-related-to-excluded-namespace.patch
    --- libxslt-1.1.35/debian/patches/0012-CVE-2024-55549-Fix-UAF-related-to-excluded-namespace.patch 1970-01-01 01:00:00.000000000 +0100
    +++ libxslt-1.1.35/debian/patches/0012-CVE-2024-55549-Fix-UAF-related-to-excluded-namespace.patch 2025-03-15 14