This issue is to track an investigation into the upstream patches applied by Canonical to libxslt.
References:
Summary of Analysis
No action necessary by maintainers. Users are generally encouraged to stay updated to the most recent patch release of Nokogiri (v1.13.8 at the time of writing), but for these CVEs specifically users should make sure they are using Nokogiri >= 1.13.2.
CVE-2019-5815 was fixed by https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258 which was released in libxslt v1.1.34. This version of libxslt was vendored in Nokogiri v1.10.5 on 2019-10-31.
CVE-2021-30560 was fixed by 50f9c9cd3 which was released in libxslt v1.1.35. This version of libxslt was vendored in Nokogiri v1.13.2 on 2022-02-21.
History of this issue
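An added example, not part of the original issue or of Nokogiri itself: a check that reads the resolved Nokogiri entries from a `Gemfile.lock` and reports which of the two CVEs above are still unaddressed, using the version thresholds stated in the analysis. The function names and the sample lockfile are constructed for illustration, and the check assumes every locked entry is a build that uses the vendored libxslt described above.

```ruby
require "rubygems"

# First Nokogiri release that vendors a fixed libxslt, per the analysis above.
FIXED_IN = {
  "CVE-2019-5815"  => Gem::Version.new("1.10.5"), # libxslt v1.1.34
  "CVE-2021-30560" => Gem::Version.new("1.13.2"), # libxslt v1.1.35
}.freeze

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.0)
      nokogiri (1.13.1)
        mini_portile2 (~> 2.8.0)
        racc (~> 1.4)
      nokogiri (1.13.1-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)

  DEPENDENCIES
    nokogiri (>= 1.10)
LOCK

# Resolved specs sit at exactly four spaces of indentation. Deeper lines are
# dependencies of another gem and shallower lines are the DEPENDENCIES
# section, so neither is a locked version.
def locked_nokogiri_versions(lockfile_text)
  lockfile_text.scan(/^ {4}nokogiri \(([^)\s]+)\)$/).flatten.map do |entry|
    # Precompiled gems carry a platform suffix, e.g. "1.13.1-x86_64-linux".
    version, platform = entry.split("-", 2)
    { version: Gem::Version.new(version), platform: platform || "ruby" }
  end
end

# Maps "version (platform)" to the CVEs whose fix is not yet included.
def unfixed_cves(lockfile_text)
  locked_nokogiri_versions(lockfile_text).each_with_object({}) do |spec, report|
    missing = FIXED_IN.select { |_cve, fixed| spec[:version] < fixed }.keys
    report["#{spec[:version]} (#{spec[:platform]})"] = missing unless missing.empty?
  end
end

puts unfixed_cves(SAMPLE_LOCKFILE).inspect
```

An empty hash means every locked Nokogiri entry is at or above both thresholds.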