Fedora 31: libxslt FEDORA-2019-fdf6ec39b4 critical: uninitialized read fix

This C library allows to transform XML files into other XML files

(or HTML, text, ...) using the standard XSLT stylesheet transformation

mechanism. To use it you need to have a version of libxml2 >= 2.6.27

installed. The xsltproc command is a command line interface to the XSLT engine

Fixes for CVE-2019-13117, CVE-2019-13118

* Fri Oct 11 2019 Jakub Jelen - 1.1.33-4

- Do not build python bindings even if the python is available

- Fix CVE-2019-13117 (#1728547)

- Fix CVE-2019-13118 (#1728542)

* Tue Sep 10 2019 Richard W.M. Jones - 1.1.33-3

- Comment out Python bindings until upstream can convert them to Python 3.

[ 1 ] Bug #1728546 - CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers

https://bugzilla.redhat.com/show_bug.cgi?id=1728546

[ 2 ] Bug #1728541 - CVE-2019-13118 libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character

https://bugzilla.redhat.com/show_bug.cgi?id=1728541

su -c 'dnf upgrade --advisory FEDORA-2019-fdf6ec39b4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/