False positive reported on python3-lxml CVE-2022-2309 #431

@va699

The CVE-2022-2309 vulnerability only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected.
As per https://www.suse.com/security/cve/CVE-2022-2309.html, this vulnerability is fixed in python3-lxml >= 4.9.1-150500.1.2. This version is already part of the product; however, XRAY is identifying this package as affected by this vulnerability. Please fix this false positive.

XRAY version used for scan - 3.124.16 Revision: 679c9d5dde Enterprise License.
SUSE version - SUSE Linux Enterprise Module for Basesystem 15 SP6
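
One way to check both conditions the report relies on against installed package versions, as an added example that is not part of the original issue or of Xray's code. The comparison is a simplified RPM-style version compare (no epoch, `~` or `^` handling), the function names are hypothetical, and the sample package versions are constructed.

```python
import re

FIXED_LXML = "4.9.1-150500.1.2"            # fixed python3-lxml build quoted in the issue
LIBXML2_AFFECTED = ("2.9.10", "2.9.14")    # affected libxml2 range quoted in the issue

def rpmvercmp(a: str, b: str) -> int:
    """Simplified RPM-style compare of one version or release string: -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a: str, b: str) -> int:
    """Compare 'version-release' strings; release only matters when both have one."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or (rpmvercmp(ra, rb) if ra and rb else 0)

def is_exposed(lxml_evr: str, libxml2_evr: str) -> bool:
    """True only if lxml is older than the fixed build AND libxml2 is in range."""
    lo, hi = LIBXML2_AFFECTED
    libxml2_ver = libxml2_evr.partition("-")[0]
    in_range = rpmvercmp(libxml2_ver, lo) >= 0 and rpmvercmp(libxml2_ver, hi) <= 0
    return evr_cmp(lxml_evr, FIXED_LXML) < 0 and in_range

if __name__ == "__main__":
    # Constructed sample inventory (python3-lxml, libxml2), not real scan output.
    for lxml, libxml2 in [("4.9.1-150500.1.2", "2.10.3-150500.5.1"),
                          ("4.9.1-150400.3.1", "2.9.14-150400.5.1"),
                          ("4.7.1-150200.3.1", "2.9.9-150200.1.1")]:
        print(lxml, libxml2, "exposed" if is_exposed(lxml, libxml2) else "not exposed")
```

A plain string comparison would rank 2.9.9 above 2.9.10, which is why the segments are compared numerically.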
