Skip to content
This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

Upgrade libxml2 #916

Closed
mhashizume opened this issue Sep 19, 2024 · 1 comment · Fixed by #918
Closed

Upgrade libxml2 #916

mhashizume opened this issue Sep 19, 2024 · 1 comment · Fixed by #918
Labels
triaged Jira issue has been created for this

Comments

@mhashizume
Copy link
Contributor

We currently vendor libxml2 2.12.6. The latest version of libxml2 is 2.13.4, which includes fixes to three vulnerabilities in 2.12.6:

We should upgrade libxml2 from 2.12.6 to 2.13.4 to address these vulnerabilities.

Note: it does appear that GNOME, the maintainers of libxml2, are maintaining a few different branches of libxml2 (2.12.z and 2.13.z), but the latest 2.12.z release, 2.12.9, does not include a fix for CVE-2024-25062.
@mhashizume mhashizume added the triaged Jira issue has been created for this label Sep 19, 2024
@github-actions GitHub Actions
Copy link

Migrated issue to PA-6973

@mhashizume mhashizume linked a pull request Nov 1, 2024 that will close this issue
(PA-6973) Upgrade libxml2 and libxslt #918
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
triaged Jira issue has been created for this
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

(PA-6973) Upgrade libxml2 and libxslt skyamgarp/puppet-runtime
1 participant
@mhashizume