Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-06 Thread Daniel Richard G.
On Tue, 2019 Aug 6 15:20-04:00, Salvatore Bonaccorso wrote: > > No I was refering to the bugs filled in the BTS, they were #926895, > #931321 and #931320. We then cross reference those to/from the > security-tracker as well. I added your bug as well later on. I think what may have happened was t

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-06 Thread Salvatore Bonaccorso
Hi! On Sun, Aug 04, 2019 at 08:26:04PM -0400, Daniel Richard G. wrote: > On Sun, 2019 Aug 4 03:20-04:00, Salvatore Bonaccorso wrote: > > > > Sure it might have been overlooked, but pinging the existing bug would > > have been less overhead to now as well start tracking this one as well > > adjust

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-04 Thread Daniel Richard G.
On Sun, 2019 Aug 4 03:20-04:00, Salvatore Bonaccorso wrote: > > Sure it might have been overlooked, but pinging the existing bug would > have been less overhead to now as well start tracking this one as well > adjusting metadata etc. But no worries. Just so that I understand, there was an existin

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-04 Thread Salvatore Bonaccorso
Hi Daniel, On Sat, Aug 03, 2019 at 08:57:56PM -0400, Daniel Richard G. wrote: > Hi Salvatore, > > On Sat, 2019 Aug 3 09:32-04:00, Salvatore Bonaccorso wrote: > > > > As you can see from the security-tracker btw, for all three there are > > bugs filled already. So why a new bug for all three toge

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-03 Thread Daniel Richard G.
Hi Salvatore, On Sat, 2019 Aug 3 09:32-04:00, Salvatore Bonaccorso wrote: > > As you can see from the security-tracker btw, for all three there are > bugs filled already. So why a new bug for all three together? :) The earliest CVE is nearly four months old, and patches already exist. I filed th

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-03 Thread Salvatore Bonaccorso
Hi, On Fri, Aug 02, 2019 at 03:30:41PM -0400, Daniel Richard G. wrote: > Package: libxslt1.1 > Version: 1.1.32-2 > Severity: grave > > The upstream version of LibXSLT shipped in Debian stable (1.1.32) has > the following three CVEs reported against it: > > https://nvd.nist.gov/vuln/detail/CV

Bug#933743: LibXSLT in Debian stable has three unpatched security vulnerabilities

2019-08-02 Thread Daniel Richard G.
Package: libxslt1.1 Version: 1.1.32-2 Severity: grave The upstream version of LibXSLT shipped in Debian stable (1.1.32) has the following three CVEs reported against it: https://nvd.nist.gov/vuln/detail/CVE-2019-11068 https://nvd.nist.gov/vuln/detail/CVE-2019-13117 https://nvd.nist.go