Vulnerability scanners flagging zlib 1.2.12 CVE-2022-37434 #2626
Comments
The CVE description says:
A quick look at how libxml2 uses zlib shows that
We received a report that some vulnerability scanners are flagging Nokogiri due to the presence of zlib 1.2.12. We'll release a patch version of Nokogiri with a newer zlib as soon as a newer version is available (as of 2022-08-18, 1.2.12 is still the latest release).
I see that Canonical published USN-5570-2 today updating their distro to address this vulnerability. I also see that zlib released v1.2.13 four days ago, which patches this vulnerability. The next patch release of Nokogiri will include this version.
v1.13.9 has been released with zlib 1.2.13.
Recently Canonical issued a patch to zlib as USN-5570-1 to address CVE-2022-37434.
Nokogiri's native gems for Linux, Darwin, and Windows all statically link against zlib, and so this issue exists to investigate whether Nokogiri users may be affected by the CVE.