[php-maint] Bug PHP xsl CVE-2012-0057.patch

grok at no-log.org grok at no-log.org
Tue Jan 31 09:33:38 UTC 2012


I don't know who I'm sending this message to the right address:
A recent update in debian 6.0.4 broke php5-xsl.

I found the bug in patch: CVE-2012-0057.patch
On line 478 of the patched file ext/xsl/xsltprocessor.c:
Should be :	int secPrefsError=0;
Instead of: int secPrefsError;

Otherwise you will always get the error:
warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]: Can't set libxslt security properties, not doing transformation for security reasons



More information about the pkg-php-maint mailing list