Changes for page Engine_libxslt

Last modified by Nicolas Gregoire on 2012/07/23 16:53
From version Icon 35.1 Icon
edited by Nicolas Gregoire
on 2012/01/16 11:42
Change comment: There is no comment for this version
To version Icon 36.1 Icon
edited by Nicolas Gregoire
on 2012/07/23 16:36
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -19,6 +19,22 @@
19 19  |=xsl:vendor|libxslt
20 20  |=xsl:version|1.0
21 21  
22 += Known parser bugs =
23 +
24 +* Wild read CVE-2012-2825
25 +* Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire.
26 +* [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG.
27 +
28 +{{warning}}
29 +TODO: Add a page for libxml2 itself (CVE-2012-2807)
30 +[129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla.
31 +[125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla.
32 +[107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
33 +[95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno)
34 +[93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
35 +[89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.
36 +{{/warning}}
37 +
22 22  = Special features =
23 23  
24 24  * File creation