~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2016-4607
PublicDate: 2016-07-21
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
 http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
 http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
 http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
 http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
 https://support.apple.com/HT206899
 https://support.apple.com/HT206901
 https://support.apple.com/HT206902
 https://support.apple.com/HT206903
 https://support.apple.com/HT206904
 https://support.apple.com/HT206905
 http://www.ubuntu.com/usn/usn-3271-1
Description:
 libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and
 watchOS before 2.2.2 allows remote attackers to cause a denial of service
 (memory corruption) or possibly have unspecified other impact via unknown
 vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609,
 CVE-2016-4610, and CVE-2016-4612.
Ubuntu-Description:
Notes:
 mdeslaur> per Nick Wellnhofer, possibly one of these commits:
 mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
 mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283
 mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
 mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066
 sbeattie> given the above, these were fixed in the upstream 1.1.29
   release
 sbeattie> incorporated patches into USN 3271-1
Bugs:
Priority: medium
Discovered-by: Nick Wellnhofer
Assigned-to:

Patches_libxslt:
upstream_libxslt: released (1.1.29-1)
precise_libxslt: released (1.1.26-8ubuntu1.4)
trusty_libxslt: released (1.1.28-2ubuntu0.1)
vivid/stable-phone-overlay_libxslt: DNE
vivid/ubuntu-core_libxslt: DNE
wily_libxslt: ignored (reached end-of-life)
xenial_libxslt: released (1.1.28-2.1ubuntu0.1)
yakkety_libxslt: not-affected (1.1.29-1)
zesty_libxslt: not-affected (1.1.29-1)
devel_libxslt: not-affected (1.1.29-1)