Your submission was sent successfully! Close

CVE-2015-9019

Published: 5 April 2017

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

Priority

Low

CVSS 3 base score: 5.3

Status

Package Release Status
libxslt
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Deferred
(2019-07-02)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Deferred
(2019-07-02)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Deferred
(2019-07-02)
jammy Deferred
(2019-07-02)
precise Ignored
(end of ESM support, was deferred [2019-07-02])
trusty Deferred
(2019-07-02)
upstream Needed

xenial Deferred
(2019-07-02)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)

Notes

AuthorNote
sbeattie
upstream fixed this for xsltproc, but libxslt remains unfixed
not clear what the security impact of this is

References

Bugs