Ubuntu has issued an advisory on August 22: https://ubuntu.com/security/notices/USN-5575-1 Mageia 8 is also affected.
Status comment: (none) => Patch available from UbuntuWhiteboard: (none) => MGA8TOO
No obvious packager for this SRPM, so assigning globally. CC'ing DanF who updated it relatively recently.
Assignee: bugsquad => pkg-bugsCC: (none) => dan
Debian has issued an advisory for this on August 24: https://www.debian.org/security/2022/dsa-5216
Hi, That CVE is fixed in version 1.1.35 so Cauldron is not affected. Best regards, Nico.
CC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Assignee: pkg-bugs => nicolas.salgueroSource RPM: libxslt-1.1.35-2.mga9.src.rpm => libxslt-1.1.34-2.mga8.src.rpmVersion: Cauldron => 8
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30560) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560 https://ubuntu.com/security/notices/USN-5575-1 https://www.debian.org/security/2022/dsa-5216 ======================== Updated packages in core/updates_testing: ======================== lib(64)exslt0-1.1.34-2.1.mga8 lib(64)xslt1-1.1.34-2.1.mga8 lib(64)xslt-devel-1.1.34-2.1.mga8 xsltproc-1.1.34-2.1.mga8 from SRPM: libxslt-1.1.34-2.1.mga8.src.rpm
Status comment: Patch available from Ubuntu => (none)Status: NEW => ASSIGNEDCVE: (none) => CVE-2021-30560Assignee: nicolas.salguero => qa-bugs
No installation issues. Not really sure what I'm doing here, but I attempted to follow the procedure at https://wiki.mageia.org/en/QA_procedure:Libxslt Seems OK, so I'm letting it go. Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0341.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED