It was reported [1] that libxlst would crash with a segfault when proessing XML files with an empty xls:key/@match attribute. This has been fixed in version 1.1.28 [2]. [1] https://bugzilla.gnome.org/show_bug.cgi?id=685328 [2] https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
CVE-2012-6139 has been assigned http://www.openwall.com/lists/oss-security/2013/03/25/10
*** Bug 927388 has been marked as a duplicate of this bug. ***
The following issue was merged with this one under one CVE: It was reported [1] that libxlst would crash with a segfault due to a read near NULL occurring in xsltDocumentFunction() when an uninitialized variable is used as a parameter to the document() function. This has been fixed in version 1.1.28 [2]. [1] https://bugzilla.gnome.org/show_bug.cgi?id=685330 [2] https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
This issue affects the versions of the libxslt package, as shipped with Fedora release of 17 and 18. Please schedule an update.
Created libxslt tracking bugs for this issue Affects: fedora-all [bug 927580]
Created mingw-libxslt tracking bugs for this issue Affects: fedora-all [bug 927945]
(In reply to comment #6) > Created mingw-libxslt tracking bugs for this issue > > Affects: fedora-all [bug 927945] The package mingw-libxslt is already at version 1.1.28 in all supported Fedora branches, so it shouldn't be affected if I'm correct
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.