Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 943198 (CVE-2024-40896) - <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037
Summary: <dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CV...
Status: IN_PROGRESS
Alias: CVE-2024-40896
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable]
Keywords:
Depends on: 945992 945993
Blocks:
  Show dependency tree
 
Reported: 2024-11-10 20:47 UTC by Sam James
Modified: 2024-12-07 02:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-11-10 20:47:08 UTC
See https://gitlab.gnome.org/GNOME/libxml2/-/issues/761.
Comment 1 Larry the Git Cow gentoo-dev 2024-11-10 21:11:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719f8cddede04669939001c30524c53c141f79c4

commit 719f8cddede04669939001c30524c53c141f79c4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:10:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:10:54 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch | 20 ++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.12.9.ebuild               |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ac8bf35e0688bfe340e32dead7725c735e356ac

commit 8ac8bf35e0688bfe340e32dead7725c735e356ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:03:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:03:59 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.12.9.ebuild | 198 +++++++++++++++++++++++++++++++++
 2 files changed, 199 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba495dca07b250822fcf8a1827518c9eecb8b26d

commit ba495dca07b250822fcf8a1827518c9eecb8b26d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:02:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:02:11 +0000

    dev-libs/libxml2: add 2.11.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest                          |   1 +
 .../files/libxml2-2.11.9-icu-pkgconfig.patch       |  19 ++
 dev-libs/libxml2/libxml2-2.11.9.ebuild             | 201 +++++++++++++++++++++
 3 files changed, 221 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2024-11-10 21:31:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c192808386149e39792374e350633249f1ff0da7

commit c192808386149e39792374e350633249f1ff0da7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:25:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:31:16 +0000

    dev-libs/libxml2: add 2.13.4
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.13.4.ebuild | 189 +++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)