Upgrade libxml2 #916

Closed
mhashizume opened this issue Sep 19, 2024 · 1 comment · Fixed by #918
Labels
triaged Jira issue has been created for this

Comments

@mhashizume
Contributor

We currently vendor libxml2 2.12.6. The latest version of libxml2 is 2.13.4, which includes fixes to three vulnerabilities in 2.12.6:

We should upgrade libxml2 from 2.12.6 to 2.13.4 to address these vulnerabilities.

Note: it does appear that GNOME, the maintainers of libxml2, are maintaining a few different branches of libxml2 (2.12.z and 2.13.z), but the latest 2.12.z release, 2.12.9, does not include a fix for CVE-2024-25062.

@mhashizume mhashizume added the triaged Jira issue has been created for this label Sep 19, 2024

Migrated issue to PA-6973

@mhashizume mhashizume linked a pull request Nov 1, 2024 that will close this issue