1
PublicDateAtUSN: 2011-03-10
2
Candidate: CVE-2011-1202
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
6
https://usn.ubuntu.com/usn/usn-1112-1
7
https://usn.ubuntu.com/usn/usn-1121-1
8
https://usn.ubuntu.com/usn/usn-1122-2
9
https://usn.ubuntu.com/usn/usn-1122-1
10
http://scarybeastsecurity.blogspot.ca/2011/03/multi-browser-heap-address-leak-in-xslt.html
11
https://rhn.redhat.com/errata/RHSA-2012-1265.html
12
https://usn.ubuntu.com/usn/usn-1595-1
14
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and
15
earlier, as used in Google Chrome before 10.0.648.127 and other products,
16
allows remote attackers to obtain potentially sensitive information about
17
heap memory addresses via an XML document containing a call to the XSLT
18
generate-id XPath function.
22
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1202
23
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413
25
Discovered-by: Chris Evans
29
upstream: http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
30
upstream_libxslt: released (1.1.26-7)
31
dapper_libxslt: ignored (reached end-of-life)
32
hardy_libxslt: released (1.1.22-1ubuntu1.3)
33
karmic_libxslt: ignored (reached end-of-life)
34
lucid_libxslt: released (1.1.26-1ubuntu1.1)
35
maverick_libxslt: ignored (reached end-of-life)
36
natty_libxslt: released (1.1.26-6ubuntu0.1)
37
oneiric_libxslt: not-affected (1.1.26-7)
38
precise_libxslt: not-affected (1.1.26-8ubuntu1.1)
39
devel_libxslt: not-affected (1.1.26-13)
41
Patches_xulrunner-1.9.2:
42
upstream_xulrunner-1.9.2: released (1.9.2.17)
43
dapper_xulrunner-1.9.2: DNE
44
hardy_xulrunner-1.9.2: released (1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1)
45
karmic_xulrunner-1.9.2: released (1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1)
46
lucid_xulrunner-1.9.2: released (1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1)
47
maverick_xulrunner-1.9.2: released (1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1)
48
natty_xulrunner-1.9.2: released (1.9.2.17+build3+nobinonly-0ubuntu1)
49
oneiric_xulrunner-1.9.2: DNE
50
precise_xulrunner-1.9.2: DNE
51
devel_xulrunner-1.9.2: DNE
54
upstream_firefox: released (3.6.17)
55
dapper_firefox: ignored (reached end-of-life)
56
hardy_firefox: ignored (uses system xulrunner)
57
lucid_firefox: released (3.6.17+build3+nobinonly-0ubuntu0.10.04.1)
58
maverick_firefox: released (3.6.17+build3+nobinonly-0ubuntu0.10.10.1)
59
natty_firefox: released (4.0.1+build1+nobinonly-0ubuntu0.11.04.1)
60
oneiric_firefox: not-affected (5.0~b2+build1+nobinonly-0ubuntu2)
61
precise_firefox: not-affected (5.0~b2+build1+nobinonly-0ubuntu2)
62
devel_firefox: not-affected (5.0~b2+build1+nobinonly-0ubuntu2)
65
upstream_thunderbird: needs-triage
66
dapper_thunderbird: DNE
67
hardy_thunderbird: ignored (reached end-of-life)
68
lucid_thunderbird: released (3.1.10+build1+nobinonly-0ubuntu0.10.04.1)
69
maverick_thunderbird: released (3.1.10+build1+nobinonly-0ubuntu0.10.10.1)
70
natty_thunderbird: released (3.1.10+build1+nobinonly-0ubuntu0.11.04.1)
71
oneiric_thunderbird: not-affected
72
precise_thunderbird: not-affected
73
devel_thunderbird: not-affected