CVE-2015-9019

Published: 05 April 2017

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Priority

Low

CVSS 3 base score: 5.3

Status

Package: libxslt (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Needed
Ubuntu 20.10 (Groovy Gorilla)       Deferred (2019-07-02)
Ubuntu 20.04 LTS (Focal Fossa)      Deferred (2019-07-02)
Ubuntu 18.04 LTS (Bionic Beaver)    Deferred (2019-07-02)
Ubuntu 16.04 LTS (Xenial Xerus)     Deferred (2019-07-02)
Ubuntu 14.04 ESM (Trusty Tahr)      Deferred (2019-07-02)

Notes

Author: sbeattie
Note:
upstream fixed this for xsltproc, but libxslt remains unfixed
not clear what the security impact of this is
