Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 948426 - <dev-util/diffoscope-285: Multiple vulnerabilities
Summary: <dev-util/diffoscope-285: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-20 04:19 UTC by Sam James
Modified: 2025-03-20 21:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-01-20 04:19:58 UTC 
From 285 release notes:
```
[ Chris Lamb ]
* Validate --css command-line argument. Thanks to Daniel Schmidt @ SRLabs for
  the report. (Closes: #396)
* Prevent XML entity expansion attacks through vulnerable versions of
  pyexpat. Thanks to Florian Wilkens @ SRLabs for the report. (Closes: #397)
* Print a warning if we have disabled XML comparisons due to a potentially
  vulnerable version of pyexpat.
* Remove (unused) logging facility from a few comparators.
* Update copyright years.
```
Comment 1 Larry the Git Cow gentoo-dev 2025-01-20 04:32:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efe79ceb6bba44a7ce324fa942193692e52b892c

commit efe79ceb6bba44a7ce324fa942193692e52b892c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-20 04:24:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-20 04:24:57 +0000

    dev-util/diffoscope: add 285
    
    Bug: https://bugs.gentoo.org/948426
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/diffoscope/Manifest              |   1 +
 dev-util/diffoscope/diffoscope-285.ebuild | 140 ++++++++++++++++++++++++++++++
 2 files changed, 141 insertions(+)