Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Investigate libxslt patches in USN-5575-1 #2630

Closed
flavorjones opened this issue Aug 22, 2022 · 0 comments
Closed

Investigate libxslt patches in USN-5575-1 #2630

flavorjones opened this issue Aug 22, 2022 · 0 comments

Comments

@flavorjones
Copy link
Member

This issue is to track an investigation into the upstream patches applied by Canoncial to libxslt.

References:

Summary of Analysis

No action necessary by maintainers. Users are generally encouraged to say updated to the most recent patch release of Nokogiri (v1.13.8 at the time of writing), but for these CVEs specifically users should make sure they are using Nokogiri >= 1.13.2.

CVE-2019-5815 was fixed by https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258 which was released in libxslt v1.1.34. This version of libxslt was vendored in Nokogiri v1.10.5 on 2019-10-31.

CVE-2021-30560 was fixed by 50f9c9cd3 which was released in libxslt v1.1.35. This version of libxslt was vendored in Nokogiri v1.13.2 on 2022-02-21.


History of this issue

  • 2022-08-22 Canonical published USN
  • 2022-08-22 Nokogiri maintainer investigates and publishes the above summary.
# for free to join this conversation on GitHub. Already have an account? # to comment
Projects
None yet
Development

No branches or pull requests

1 participant