Source: libxslt
Version: 1.1.28-2
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for libxslt.

CVE-2016-4738[0]:
| libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
| watchOS before 3 allows remote attackers to execute arbitrary code or
| cause a denial of service (memory corruption) via a crafted web site.

Unfortunately as for many libxml2 issues, the above is not very specific and there is upstream bug referenced. But the fix is mentioned as [1].

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4738
[1] https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore