• libxslt: some CVEs not fixed in debian buster

    From Akira Shibakawa@21:1/5 to All on Wed Jul 27 13:20:01 2022
    Hi,
    CVE-2019-5815 and CVE-2021-30560 are vulnerabilities of libxslt
    included in chromium source code as third-party code.
    And not only chromium but also libxslt upstream has already fixed them.
    https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258
    https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3

    Because libxslt in debian buster is older than the fixed version in
    upstream, these bugs are still present in debian buster.
    Are there any plans to fix them in debian buster?
    (I wonder why these CVEs are linked to only chromium, not libxslt.)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Bremner@21:1/5 to Akira Shibakawa on Thu Jul 28 12:20:01 2022
    Akira Shibakawa <arabishi900@gmail.com> writes:

    > CVE-2019-5815 and CVE-2021-30560 are vulnerabilities of libxslt
    > included in chromium source code as third-party code.
    > And not only chromium but also libxslt upstream has already fixed them.
    > https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258
    > https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3
    >
    > Because libxslt in debian buster is older than the fixed version in
    > upstream, these bugs are still present in debian buster.
    > Are there any plans to fix them in debian buster?
    > (I wonder why these CVEs are linked to only chromium, not libxslt.)

    Since security support for buster will expire in a few days, I suggest following up with the LTS team. More information is available at

    https://wiki.debian.org/LTS

