Hi team, This query is regarding the patch libxml2-2.9.4.
We are using Apache Web Server 2.4.25 for which we require libxml2 as a dependency package. We are using the libxml2 version 2.9.4 but we have been informed that recent vulnerabilities are reported in the version 2.9.4 and for the remediation of the same we need to upgrade the libxml2 to the latest one. We have gone through the below mentioned advisories: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e >From the advisories we understood that the vulnerabilities have been fixed in >the source code repository, but we are really unsure how to implement this as >no recent patch has been released yet on the site http://xmlsoft.org/. Could >you kindly provide an insight on how to work the upgrade out? Or should we wait for the official patch to be released? If so, could you kindly provide an ETA for the same? Thanks & Regards, Maumita Mandal "Seize the day!" ============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html <http://www.techmahindra.com/Disclaimer.html> externally http://tim.techmahindra.com/tim/disclaimer.html <http://tim.techmahindra.com/tim/disclaimer.html> internally within TechMahindra. ============================================================================================================================
_______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml