-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5884-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libxslt CVE ID : CVE-2024-55549 CVE-2025-24855 Debian Bug : 1100565 1100566 Ivan Fratric discovered two use-after-free vulnerabilities in libxslt, an XSLT processing runtime library, which may result in the execution of arbitrary code if a specially crafted files are processed. For the stable distribution (bookworm), these problems have been fixed in version 1.1.35-1+deb12u1. We recommend that you upgrade your libxslt packages. For the detailed security status of libxslt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libxslt Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfgEtdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ti5g/+JD0tgbozRtMeu350/gfB1L3SNy5AW/CcPHeWiF/9V6xPBh3uBfiNg6lQ /iapOsRaCzJoxjO5ZNcn+ilduKo2ZJEa3ctoP3Mx0rUXXcfLvnZ9pl+iQ5+KNvDQ BIWG9osDcVewQ+6Ue6XRUuPZTf6ETH3EyGCK3yltPFjXf7D197MWhSCcabxZxEPs akyeiVTJx2NcTDayg4hEc3nYEw5iFRwGoBRRcohb57HtdThJNPzNGK3emW5Q5G75 TfEAL2mE40j0O88lbA9acElxLdcHt2bTrkrpSk95mVeXROh3r/qrsP9vh+fG85PR v/C7UsygxoORoH565JEROmiHbt2DmONVvWLHTqKvEWG98F3E/yMroICva01jKMpa 7lqRXPXfmDCOvO79YoenEs1qofYxuCsx1p4lDLwBDVHCyyBl1uLcliDZ8oIzNEAk qppEtNZM/C4I5DgJOFYwk6eJt5HAdgzNzV2qqF21JvX/wHPJlWZa/BFNIL0Tp6kF u9aYVMvVRKVmawSWypgvAGFmvtgfImWZFfy4HqW2FsKGNbL+0Ppqtu/AKKwxN+/v UT3n817pm8uR5te9VDhH2cJNeL195wQ3HXOi1IGGSD5bZGQIBOf+Ky/MCzD56rZ/ pWrE0aads5nc5zuvZXeNf+efLQQfoo1Fia+mlaupYJhYB6fWpGs= =qjKq -----END PGP SIGNATURE-----