[xml] Query regarding the patch for libxml2



Hi team,

 

This query is regarding the patch libxml2-2.9.4.

 

We are using Apache Web Server 2.4.25 for which we require libxml2 as a dependency package. We are using the libxml2 version 2.9.4 but we have been informed that recent vulnerabilities are reported in the version 2.9.4 and for the remediation of the same we need to upgrade the libxml2 to the latest one.

 

We have gone through the below mentioned advisories:

 

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e

 

From the advisories we understood that the vulnerabilities have been fixed in the source code repository, but we are really unsure how to implement this as no recent patch has been released yet on the site http://xmlsoft.org/.  Could you kindly provide an insight on how to work the upgrade out?

 

Or should we wait for the official patch to be released? If so, could you kindly provide an ETA for the same?

 

Thanks & Regards,

Maumita Mandal

 

“Seize the day!”

 

============================================================================================================================

Disclaimer:  This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra.

============================================================================================================================



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]