CVE-2013-2902
Published: 21 August 2013
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.
Notes
Author | Note |
---|---|
seth-arnold | As of 2013-08-21, I don't know if libxslt needs an update or if this is strictly in chromium-browser. |
mdeslaur | fix was in chromium, marking libxslt as not-affected |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(30.0.1599.114-0ubuntu0.12.04.3)
|
|
quantal |
Released
(30.0.1599.114-0ubuntu0.12.10.2)
|
|
raring |
Released
(30.0.1599.114-0ubuntu0.13.04.2)
|
|
saucy |
Not vulnerable
(29.0.1547.65-0ubuntu2)
|
|
upstream |
Released
(29.0.1547.57)
|
|
libxslt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Needs triage
|