PublicDateAtUSN: 2017-03-10
Candidate: CVE-2017-5029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
https://usn.ubuntu.com/usn/usn-3236-1
https://usn.ubuntu.com/usn/usn-3271-1
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux
and 57.0.2987.108 for Android, lacked a check for integer overflow during a
size calculation, which allowed a remote attacker to perform an out of
bounds memory write via a crafted HTML page.
https://bugzilla.gnome.org/show_bug.cgi?id=777124
https://bugs.chromium.org/p/chromium/issues/detail?id=676623
Discovered-by: Holger Fuhrmannek
Patches_chromium-browser:
upstream_chromium-browser: released (57.0.2987.98)
precise_chromium-browser: ignored
precise/esm_chromium-browser: DNE (precise was ignored)
trusty_chromium-browser: released (58.0.3029.81-0ubuntu0.14.04.1172)
vivid/ubuntu-core_chromium-browser: DNE
vivid/stable-phone-overlay_chromium-browser: DNE
xenial_chromium-browser: released (57.0.2987.98-0ubuntu0.16.04.1276)
yakkety_chromium-browser: released (57.0.2987.98-0ubuntu0.16.10.1344)
zesty_chromium-browser: released (57.0.2987.98-0ubuntu1.1348)
devel_chromium-browser: released (57.0.2987.98-0ubuntu1.1348)
upstream_oxide-qt: released (1.21.5)
precise/esm_oxide-qt: DNE
trusty_oxide-qt: released (1.21.5-0ubuntu0.14.04.1)
vivid/ubuntu-core_oxide-qt: DNE
vivid/stable-phone-overlay_oxide-qt: ignored (reached end-of-life)
xenial_oxide-qt: released (1.21.5-0ubuntu0.16.04.1)
yakkety_oxide-qt: released (1.21.5-0ubuntu0.16.10.1)
zesty_oxide-qt: released (1.21.5-0ubuntu1)
devel_oxide-qt: released (1.21.5-0ubuntu1)
upstream: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
upstream_libxslt: needed
precise_libxslt: released (1.1.26-8ubuntu1.4)
precise/esm_libxslt: released (1.1.26-8ubuntu1.4)
trusty_libxslt: released (1.1.28-2ubuntu0.1)
vivid/stable-phone-overlay_libxslt: DNE
vivid/ubuntu-core_libxslt: DNE
xenial_libxslt: released (1.1.28-2.1ubuntu0.1)
yakkety_libxslt: released (1.1.29-1ubuntu0.1)
zesty_libxslt: released (1.1.29-2ubuntu0.1)
devel_libxslt: not-affected (1.1.29-2.1)