The upstream changelog for 1.8.28 says: SECURITY: Fixed three buffer overflow issues when reading AFM files and parsing page sizes. The ebuild already contains a patch for an overflow, but as the changelog talks about three I assume this doesn't cover all of them. htmldoc is currently maintainer-needed.
No corresponding CVE's. Package may need to be considered for tree cleaning as well if it remains maintainer-needed.
htmldoc 1.8.29 was committed to the tree.
@ Arches, please test and mark stable: =app-text/htmldoc-1.8.29
amd64 stable
x86 stable
Stable on alpha.
sparc stable
Stable for HPPA.
ppc stable
ia64 stable
ppc64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
No PoC for ACE/RCE, downgraded to B3. GLSA Vote: No Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5734ce51ae989c6d907f680ede2a6e9dca75f585