Candidate: CVE-2016-4607
PublicDate: 2016-07-21
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4607
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905
http://www.ubuntu.com/usn/usn-3271-1
Description:
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and
watchOS before 2.2.2 allows remote attackers to cause a denial of service
(memory corruption) or possibly have unspecified other impact via unknown
vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609,
CVE-2016-4610, and CVE-2016-4612.
Ubuntu-Description:
Notes:
mdeslaur> per Nick Wellnhofer, possibly one of these commits:
mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=ef7429bb4f1433726cc8fc4fe3d134d8a439fab1
mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=93bb314768aafaffad1df15bbee10b7c5423e283
mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
mdeslaur> https://git.gnome.org/browse/libxslt/commit/?id=87c3d9ea214fc0503fd8130b6dd97431d69cc066
sbeattie> given the above, these were fixed in the upstream 1.1.29 release
sbeattie> incorporated patches into USN 3271-1
Bugs:
Priority: medium
Discovered-by: Nick Wellnhofer
Assigned-to:
Patches_libxslt:
upstream_libxslt: released (1.1.29-1)
precise_libxslt: released (1.1.26-8ubuntu1.4)
trusty_libxslt: released (1.1.28-2ubuntu0.1)
vivid/stable-phone-overlay_libxslt: DNE
vivid/ubuntu-core_libxslt: DNE
wily_libxslt: ignored (reached end-of-life)
xenial_libxslt: released (1.1.28-2.1ubuntu0.1)
yakkety_libxslt: not-affected (1.1.29-1)
zesty_libxslt: not-affected (1.1.29-1)
devel_libxslt: not-affected (1.1.29-1)