github-actions[bot]
commented
1 month ago Migrated issue to PA-6973
Closed mhashizume closed 1 week ago
github-actions[bot]
commented
1 month ago Migrated issue to PA-6973
We currently vendor libxml2 2.12.6. The latest version of libxml2 is 2.13.4, which includes fixes to three vulnerabilities in 2.12.6:
We should upgrade libxml2 from 2.12.6 to 2.13.4 to address these vulnerabilities.
Note: it does appear that GNOME, the maintainers of libxml2, are maintaining a few different branches of libxml2 (2.12.z and 2.13.z), but the latest 2.12.z release, 2.12.9, does not include a fix for CVE-2024-25062.