summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/patches/libxslt-CVE-2015-7995.patch29
-rw-r--r--gnu/packages/xml.scm3
2 files changed, 31 insertions, 1 deletions
diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
new file mode 100644
index 0000000000..f291d5b387
--- /dev/null
+++ b/gnu/packages/patches/libxslt-CVE-2015-7995.patch
@@ -0,0 +1,29 @@
+From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 29 Oct 2015 19:33:23 +0800
+Subject: [PATCH] Fix for type confusion in preprocessing attributes
+
+CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
+We need to check that the parent node is an element before dereferencing
+its namespace
+---
+ libxslt/preproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/preproc.c b/libxslt/preproc.c
+index 0eb80a0..7f69325 100644
+--- a/libxslt/preproc.c
++++ b/libxslt/preproc.c
+@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
+ 	} else if (IS_XSLT_NAME(inst, "attribute")) {
+ 	    xmlNodePtr parent = inst->parent;
+ 
+-	    if ((parent == NULL) || (parent->ns == NULL) ||
++	    if ((parent == NULL) ||
++	        (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
+ 		((parent->ns != inst->ns) &&
+ 		 (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
+ 		(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
+-- 
+2.6.3
+
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 90ad521c3d..a296e0ac73 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -150,7 +150,8 @@ project (but it is usable outside of the Gnome platform).")
                                  version ".tar.gz"))
              (sha256
               (base32
-               "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))))
+               "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
+             (patches (list (search-patch "libxslt-CVE-2015-7995.patch")))))
     (build-system gnu-build-system)
     (home-page "http://xmlsoft.org/XSLT/index.html")
     (synopsis "C library for applying XSLT stylesheets to XML documents")