[ubuntu/jammy-updates] libxslt 1.1.34-4ubuntu0.22.04.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Jun 26 16:59:16 UTC 2025
libxslt (1.1.34-4ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: ASLR bypass due to exposure of sensitive information
    - debian/patches/0002-Make-generate-id-deterministic.patch: removed, as
      this was an old and incomplete implementation of the fix.
    - debian/patches/CVE-2023-40403-1.patch: implement infrastructure to
      store extra data in source nodes.
    - debian/patches/CVE-2023-40403-2.patch: store key status of source
      nodes as bit flag.
    - debian/patches/CVE-2023-40403-3.patch: store RVT ownership in
      'compression' member.
    - debian/patches/CVE-2023-40403-4.patch: remove the use of
      &base_address when generating ids in libxslt/functions.c.
    - debian/patches/CVE-2023-40403-5.patch: clean up attributes in
      source doc.
    - CVE-2023-40403

Date: 2025-06-24 22:09:13.265416+00:00
Changed-By: Edwin Jiang <edwin.jiang at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.22.04.4