Re: [xml] Release of libxml2 2.9.13

2022-02-23 Thread Stefan Behnel
Nick Wellnhofer wrote on 23.02.22 at 11:36: I asked on GNOME infra if it is possible to offer .tar.gz downloads, but this would require changes to the upload script. Thanks for asking. Stefan

Re: [xml] Release of libxml2 2.9.13

2022-02-23 Thread Nick Wellnhofer via xml
On 23/02/2022 08:17, Stefan Behnel wrote: Could you make the archives available in a (second) format that matches all (previous) releases? The archives are automatically converted to .tar.xz when uploaded to the GNOME download server. I have no influence on that. Personally, I'd prefer .tar.gz

Re: [xml] Release of libxml2 2.9.13

2022-02-22 Thread Stefan Behnel
Nick Wellnhofer via xml wrote on 20.02.22 at 13:53: Version 2.9.13 of libxml2 is available at: https://download.gnome.org/sources/libxml2/2.9/ Thank you for the release, Nick! Note that starting with this release, libxml2 tarballs are published on download.gnome.org instead of ftp.xm

Re: [xml] Release of libxml2 2.9.13

2022-02-21 Thread Mike Dalessio via xml
This is very helpful. Thanks as always, Nick.
On Mon, Feb 21, 2022 at 11:42 AM Nick Wellnhofer wrote:
> On 21/02/2022 14:57, Mike Dalessio wrote:
> > I'm not asking specifically for a CVSS score for this vulnerability, and I'm
> > certainly not asking you to create a CVE for every memory fix t

Re: [xml] Release of libxml2 2.9.13

2022-02-21 Thread Nick Wellnhofer via xml
On 21/02/2022 14:57, Mike Dalessio wrote: I'm not asking specifically for a CVSS score for this vulnerability, and I'm certainly not asking you to create a CVE for every memory fix that's found. I'm only asking for a more accessible explanation of the conditions under which an application might

Re: [xml] Release of libxml2 2.9.13

2022-02-21 Thread Mike Dalessio via xml
Hi Nick, I understand and appreciate the general difficulty of scoring severity without some application-specific context. And I don't disagree with your take on CVSS scores for libraries. However, downstream maintainers may want to issue our own security advisories so that our users can make an

Re: [xml] Release of libxml2 2.9.13

2022-02-20 Thread Nick Wellnhofer via xml
On 20/02/2022 20:50, Mike Dalessio wrote: Is there any additional information about CVE-2022-23308 (other than the commit log) that would help downstream projects triage? Was there a CVSS score calculated or severity assigned? In this case, the CVE record is managed by a third party. It should

Re: [xml] Release of libxml2 2.9.13

2022-02-20 Thread Mike Dalessio via xml
Nick, thank you for shipping this release! Is there any additional information about CVE-2022-23308 (other than the commit log) that would help downstream projects triage? Was there a CVSS score calculated or severity assigned?
On Sun, Feb 20, 2022 at 7:53 AM Nick Wellnhofer via xml wrote:
> Ve

Re: [xml] Release of libxml2 2.9.13

2022-02-20 Thread Jeffrey Walton via xml
On Sun, Feb 20, 2022 at 7:53 AM Nick Wellnhofer via xml wrote:
>
> Version 2.9.13 of libxml2 is available at:
>
> https://download.gnome.org/sources/libxml2/2.9/
>
> Note that starting with this release, libxml2 tarballs are published on
> download.gnome.org instead of ftp.xmlsoft.org.
>
> ##

[xml] Release of libxml2 2.9.13

2022-02-20 Thread Nick Wellnhofer via xml
Version 2.9.13 of libxml2 is available at:
https://download.gnome.org/sources/libxml2/2.9/
Note that starting with this release, libxml2 tarballs are published on download.gnome.org instead of ftp.xmlsoft.org.
### Security
- [CVE-2022-23308] Use-after-free of ID and IDREF attributes (T