[xml] Query regarding the patch for libxml2

Hi team,


This query is regarding the patch libxml2-2.9.4.


We are using Apache Web Server 2.4.25 for which we require libxml2 as a dependency package. We are using the libxml2 version 2.9.4 but we have been informed that recent vulnerabilities are reported in the version 2.9.4 and for the remediation of the same we need to upgrade the libxml2 to the latest one.


We have gone through the below mentioned advisories:





From the advisories we understood that the vulnerabilities have been fixed in the source code repository, but we are really unsure how to implement this as no recent patch has been released yet on the site http://xmlsoft.org/.  Could you kindly provide an insight on how to work the upgrade out?


Or should we wait for the official patch to be released? If so, could you kindly provide an ETA for the same?


Thanks & Regards,

Maumita Mandal


“Seize the day!”



Disclaimer:  This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]