Summary: | <dev-libs/libxml2-2.9.2: expansion attach (CVE-2014-3660) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2014-10-17 14:17:03 UTC
+*libxml2-2.9.2 (18 Oct 2014) + + 18 Oct 2014; Pacho Ramos <pacho@gentoo.org> + +files/libxml2-2.9.2-icu-pkgconfig.patch, + +files/libxml2-2.9.2-revert-missing-initialization.patch, + +libxml2-2.9.2.ebuild: + Version bump + ready for the stabilization? I am using it since yesterday and looks ok for me (at least doesn't seem to break anything) (In reply to Pacho Ramos from comment #3) > I am using it since yesterday and looks ok for me (at least doesn't seem to > break anything) ++ amd64 stable Should I second-guess what is to be done here? stabilize the only version fixing this security bug Stable for HPPA. ppc64 stable arm stable sparc stable alpha stable ppc stable x86 stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. New request added + 09 Dec 2014; Pacho Ramos <pacho@gentoo.org> + -files/libxml2-2.9.0-manual-python.patch, + -files/libxml2-2.9.0-thread-alloc.patch, + -files/libxml2-2.9.1-compression-detection.patch, + -files/libxml2-2.9.1-external-param-entities.patch, + -files/libxml2-2.9.1-icu-pkgconfig.patch, + -files/libxml2-2.9.1-missing-break.patch, + -files/libxml2-2.9.1-non-ascii-cr-lf.patch, + -files/libxml2-2.9.1-python-2.6.patch, -files/libxml2-2.9.1-python3.patch, + -files/libxml2-2.9.1-python3a.patch, + -files/libxml2-2.9.1-xmllint-postvalid.patch, -libxml2-2.9.1-r4.ebuild, + -libxml2-2.9.1-r5.ebuild: + Cleanup due to security bug #525656 + Thank you for cleanup This issue was resolved and addressed in GLSA 201412-06 at http://security.gentoo.org/glsa/glsa-201412-06.xml by GLSA coordinator Sergey Popov (pinkbyte). |