Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-1202

Published: 10 March 2011

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(uses system xulrunner)
lucid
Released (3.6.17+build3+nobinonly-0ubuntu0.10.04.1)
maverick
Released (3.6.17+build3+nobinonly-0ubuntu0.10.10.1)
natty
Released (4.0.1+build1+nobinonly-0ubuntu0.11.04.1)
oneiric Not vulnerable
(5.0~b2+build1+nobinonly-0ubuntu2)
precise Not vulnerable
(5.0~b2+build1+nobinonly-0ubuntu2)
upstream
Released (3.6.17)
libxslt
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy
Released (1.1.22-1ubuntu1.3)
karmic Ignored
(reached end-of-life)
lucid
Released (1.1.26-1ubuntu1.1)
maverick Ignored
(reached end-of-life)
natty
Released (1.1.26-6ubuntu0.1)
oneiric Not vulnerable
(1.1.26-7)
precise Not vulnerable
(1.1.26-8ubuntu1.1)
upstream
Released (1.1.26-7)
Patches:
upstream: http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f
thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Ignored
(reached end-of-life)
lucid
Released (3.1.10+build1+nobinonly-0ubuntu0.10.04.1)
maverick
Released (3.1.10+build1+nobinonly-0ubuntu0.10.10.1)
natty
Released (3.1.10+build1+nobinonly-0ubuntu0.11.04.1)
oneiric Not vulnerable

precise Not vulnerable

upstream Needs triage

xulrunner-1.9.2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.2.17+build3+nobinonly-0ubuntu0.8.04.1)
karmic
Released (1.9.2.17+build3+nobinonly-0ubuntu0.9.10.1)
lucid
Released (1.9.2.17+build3+nobinonly-0ubuntu0.10.04.1)
maverick
Released (1.9.2.17+build3+nobinonly-0ubuntu0.10.10.1)
natty
Released (1.9.2.17+build3+nobinonly-0ubuntu1)
oneiric Does not exist

precise Does not exist

upstream
Released (1.9.2.17)