#17185 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: pierre
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:


New point version.

Change History (6)

comment:1 by pierre, 12 months ago

Owner: changed from blfs-book to pierre
Status: newassigned

Will try to update the graphical stack (and a few other packages that I know well)

comment:2 by pierre, 12 months ago

Priority: normalelevated

libxml2 2.10.3


  • [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
  • [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
  • Fix overflow check in SAX2.c


  • win32: Fix build with VS2013

Build system

  • cmake: Set SOVERSION

comment:3 by pierre, 12 months ago

No information on the CVE's at MITRE. Redhat rates them as moderate.

comment:4 by pierre, 12 months ago

Committed 6cd8a9a304. Leaving open for SA.

comment:5 by Douglas R. Reno, 11 months ago

Red Hat has the CVSSv3 set at 8.8 for both of these, so I'm going to mark it as High. I think High is also warranted because of the amount of packages that indirectly use this library

comment:6 by Douglas R. Reno, 11 months ago

Resolution: fixed
Status: assignedclosed

SA-11.2-020 issued, closing this ticket

Note: See TracTickets for help on using tickets.