ELA-1358-1 libxslt security update

use-after-free vulnerabilities

2025-03-28
Package: libxslt
Version: 1.1.28-2+deb8u8 (jessie), 1.1.29-2.1+deb9u4 (stretch), 1.1.32-2.2~deb10u3 (buster)
Related CVEs: CVE-2024-55549, CVE-2025-24855


Two use-after-free vulnerabilities have been fixed in the XSLT processing library libxslt.

CVE-2024-55549

Use-after-free related to excluded namespaces

CVE-2025-24855

Use-after-free of XPath context node


For Debian 10 buster, these problems have been fixed in version 1.1.32-2.2~deb10u3.

For Debian 8 jessie, these problems have been fixed in version 1.1.28-2+deb8u8.

For Debian 9 stretch, these problems have been fixed in version 1.1.29-2.1+deb9u4.

We recommend that you upgrade your libxslt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.