Related CVEs: CVE-2019-13117, CVE-2019-13118
Two flaws were discovered in libxslt, the XSLT processing library.
CVE-2019-13117
An xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
CVE-2019-13118
A type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u5.
We recommend that you upgrade your libxslt packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/