Opened 2 years ago
Closed 2 years ago
#17185 closed enhancement (fixed)
libxml2-2.10.3
| Reported by: | Bruce Dubbs | Owned by: | pierre |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (6)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
| Priority: | normal → elevated |
|---|
libxml2 2.10.3
Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
Portability
- win32: Fix build with VS2013
Build system
- cmake: Set SOVERSION
comment:5 by , 2 years ago
Red Hat has the CVSSv3 set at 8.8 for both of these, so I'm going to mark it as High. I think High is also warranted because of the amount of packages that indirectly use this library
comment:6 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
SA-11.2-020 issued, closing this ticket
Note:
See TracTickets
for help on using tickets.
Will try to update the graphical stack (and a few other packages that I know well)