Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

update: libxml2 #1447

Closed
sayanchowdhury opened this issue May 17, 2024 · 1 comment · Fixed by flatcar/scripts#2070
Closed

update: libxml2 #1447

sayanchowdhury opened this issue May 17, 2024 · 1 comment · Fixed by flatcar/scripts#2070
Labels
advisory security advisory cvss/LOW < 4 assessed CVSS security security concerns

Comments

@sayanchowdhury
Copy link
Member

Name: libxml2
CVEs: CVE-2024-34459
CVSSs: N/A
Action Needed: Update to >= 2.11.8 or >= 2.12.7

Summary: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

refmap.gentoo: https://bugs.gentoo.org/931977
@sayanchowdhury sayanchowdhury added security security concerns advisory security advisory labels May 17, 2024
@sayanchowdhury
Copy link
Member Author

From the description and comments, it seems that the severity is low. Will update when there is update on NVD

@sayanchowdhury sayanchowdhury added the cvss/LOW < 4 assessed CVSS label May 17, 2024
@dongsupark dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap May 17, 2024
@github-actions github-actions bot mentioned this issue May 22, 2024
Closed
@github-actions github-actions bot mentioned this issue Jun 22, 2024
Closed
@krnowak krnowak mentioned this issue Jul 5, 2024
Merged
2 tasks
@dongsupark dongsupark moved this from 🪵Backlog to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap Jul 8, 2024
@github-project-automation github-project-automation bot moved this from ⚒️ In Progress to Implemented in Flatcar tactical, release planning, and roadmap Jul 16, 2024
@github-actions github-actions bot mentioned this issue Jul 22, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
advisory security advisory cvss/LOW < 4 assessed CVSS security security concerns
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Weekly portage-stable package updates 2024-07-01 flatcar/scripts
1 participant
@sayanchowdhury