943198 – (CVE-2024-40896) <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037

Bug 943198 (CVE-2024-40896) - <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037

Summary: <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CV...

Status:	IN_PROGRESS

Alias:	CVE-2024-40896

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [stable?]
Keywords:

Depends on:
Blocks:

Reported:	2024-11-10 20:47 UTC by Sam James
Modified:	2024-11-10 21:36 UTC (History)
CC List:	3 users (show)

See Also:	https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2024-11-10 20:47:08 UTC

See https://gitlab.gnome.org/GNOME/libxml2/-/issues/761.

Comment 1 Larry the Git Cow gentoo-dev

2024-11-10 21:11:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719f8cddede04669939001c30524c53c141f79c4

commit 719f8cddede04669939001c30524c53c141f79c4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:10:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:10:54 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch | 20 ++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.12.9.ebuild               |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ac8bf35e0688bfe340e32dead7725c735e356ac

commit 8ac8bf35e0688bfe340e32dead7725c735e356ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:03:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:03:59 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.12.9.ebuild | 198 +++++++++++++++++++++++++++++++++
 2 files changed, 199 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba495dca07b250822fcf8a1827518c9eecb8b26d

commit ba495dca07b250822fcf8a1827518c9eecb8b26d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:02:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:02:11 +0000

    dev-libs/libxml2: add 2.11.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest                          |   1 +
 .../files/libxml2-2.11.9-icu-pkgconfig.patch       |  19 ++
 dev-libs/libxml2/libxml2-2.11.9.ebuild             | 201 +++++++++++++++++++++
 3 files changed, 221 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-11-10 21:31:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c192808386149e39792374e350633249f1ff0da7

commit c192808386149e39792374e350633249f1ff0da7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:25:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:31:16 +0000

    dev-libs/libxml2: add 2.13.4
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.13.4.ebuild | 189 +++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)