PublicDate: 2008-08-01 14:41:00 UTC
Candidate: CVE-2008-2935
References:
 https://ubuntu.com/security/notices/USN-633-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935
Description:
 Multiple heap-based buffer overflows in the rc4 (1) encryption (aka
 exsltCryptoRc4EncryptFunction) and (2) decryption (aka
 exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in
 libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to
 execute arbitrary code via an XML file containing a long string as "an
 argument in the XSL input."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Chris Evans
Assigned-to: kees
CVSS:

Patches_libxslt:
upstream_libxslt: released (1.1.25)
dapper_libxslt: released (1.1.15-1ubuntu1.1)
feisty_libxslt: released (1.1.20-0ubuntu2.1)
gutsy_libxslt: released (1.1.21-2ubuntu2.1)
hardy_libxslt: released (1.1.22-1ubuntu1.1)
devel_libxslt: released (1.1.24-1ubuntu2)