|
Hi team, This query is regarding the patch libxml2-2.9.4.
We are using Apache Web Server 2.4.25 for which we require libxml2 as a dependency package. We are using the libxml2 version 2.9.4 but we have been informed that recent vulnerabilities are reported in the version
2.9.4 and for the remediation of the same we need to upgrade the libxml2 to the latest one. We have gone through the below mentioned advisories: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e From the advisories we understood that the vulnerabilities have been fixed in the source code repository, but we are really unsure how to implement this as no recent patch has been released yet on the site
http://xmlsoft.org/. Could you kindly provide an insight on how to work the upgrade out?
Or should we wait for the official patch to be released? If so, could you kindly provide an ETA for the same?
Thanks & Regards, Maumita Mandal “Seize the day!” ============================================================================================================================ Disclaimer: This message
and the information contained herein is proprietary and confidential and
subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html
externally http://tim.techmahindra.com/tim/disclaimer.html
internally within TechMahindra. ============================================================================================================================ |