OSS-Fuzz is a Continuous Fuzzing for Open Source Software. See $URL for more details about the issue. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
https://github.com/GNOME/libxml2/commit/fb56f80eeffde4b79a49667c3f0727181d57aeb3
Patch for this issue have been pushed in libxml-2.9.4-r2. Please note that: * patches where cherry-picked from upstream master according to information found in this ticket, some patches were harder to find due to upstream blocking access to it. * unittests in the ebuild are actually not being run for a long time certainly due to a problem when porting to multilib. Maybe it existed before, didn't check yet. Anyway, as lots of other security related fixes are pending an upstream release, I pushed this as a stop gap until I get more time to do a proper snapshot and fix these unittests issues.
This issue was resolved and addressed in GLSA 201711-01 at https://security.gentoo.org/glsa/201711-01 by GLSA coordinator Christopher Diaz Riveros (chrisadr).