[3.10] libxslt: security framework bypass (CVE-2019-11068)
libxslt through 1.1.33 allows bypass of a protection mechanism because
callers of xsltCheckRead and xsltCheckWrite permit access even upon
receiving a –1 error code. xsltCheckRead can return –1 for a crafted URL that is not actually invalid and is subsequently loaded.
(from redmine: issue id 10277, created on 2019-04-17, closed on 2019-04-18)
- parent #10276 (closed)
- Revision 5f61e0e1 by Natanael Copa on 2019-04-17T07:17:59Z:
main/libxslt: security fix for CVE-2019-11068 fixes #10277