[PA-2337] Update libxml2 to 2.9.8 and add patches for CVEs - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: Security
Labels:
- security

Epic Link:
2018 Security Fixes
Team:
Platform OS
Sprint:
Platform OS Kanban
Method Found:
Needs Assessment

Release Notes:
Security Fix
Release Notes Summary:
This fixes security issues in libxml2 2.9.4 affected by CVE-2016-9318, CVE-2017-16932, CVE-2017-18258, CVE-2018-9251, CVE-2018-14404, and CVE-2018-14567.

QA Risk Assessment:
Needs Assessment

Description

libxml2 2.9.8 has fixes for a number of security issues.

In addition, there are two unreleased fixes that we'll need to pull in and apply as patches:

https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

Attachments

Activity

People

Assignee:: Enis Inan

Reporter:: Rob Braden

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2018/11/27 2:23 PM

Updated:: 2019/01/15 2:59 PM

Resolved:: 2019/01/15 1:44 PM

Zendesk Support