Updated libxslt packages has been released for Debian GNU/Linux 7 Extended LTS
Package: libxsltLibxslt Security Update for Debian 7 ELTS
Version: 1.1.26-14.1+deb7u5
Related CVE: CVE-2019-13117 CVE-2019-13118
Two flaws were discovered in libxslt, the XSLT processing library.
CVE-2019-13117
An xsl:number with certain format strings could lead to an uninitialized
read in xsltNumberFormatInsertNumbers. This could allow an attacker to
discern whether a byte on the stack contains the characters A, a, I, i, or
0, or any other character.
CVE-2019-13118
A type holding grouping characters of an xsl:number instruction was too
narrow and an invalid character/length combination could be passed to
xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u5.
We recommend that you upgrade your libxslt packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
