libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-libxslt1": "1.1.28-2ubuntu0.2", "libxslt1-dev": "1.1.28-2ubuntu0.2", "python-libxslt1-dbg": "1.1.28-2ubuntu0.2", "libxslt1.1": "1.1.28-2ubuntu0.2", "python-libxslt1-dbgsym": "1.1.28-2ubuntu0.2", "xsltproc-dbgsym": "1.1.28-2ubuntu0.2", "libxslt1.1-dbgsym": "1.1.28-2ubuntu0.2", "libxslt1-dbg": "1.1.28-2ubuntu0.2", "xsltproc": "1.1.28-2ubuntu0.2", "libxslt1-dev-dbgsym": "1.1.28-2ubuntu0.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-libxslt1": "1.1.28-2.1ubuntu0.2", "libxslt1-dev": "1.1.28-2.1ubuntu0.2", "python-libxslt1-dbg": "1.1.28-2.1ubuntu0.2", "libxslt1.1": "1.1.28-2.1ubuntu0.2", "xsltproc-dbgsym": "1.1.28-2.1ubuntu0.2", "libxslt1.1-dbgsym": "1.1.28-2.1ubuntu0.2", "libxslt1-dbg": "1.1.28-2.1ubuntu0.2", "xsltproc": "1.1.28-2.1ubuntu0.2", "libxslt1-dev-dbgsym": "1.1.28-2.1ubuntu0.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "python-libxslt1": "1.1.29-5ubuntu0.1", "libxslt1-dev": "1.1.29-5ubuntu0.1", "libxslt1-dbg": "1.1.29-5ubuntu0.1", "python-libxslt1-dbg": "1.1.29-5ubuntu0.1", "libxslt1.1": "1.1.29-5ubuntu0.1", "xsltproc": "1.1.29-5ubuntu0.1" } ] }