Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 948426 - <dev-util/diffoscope-285: Multiple vulnerabilities
Summary: <dev-util/diffoscope-285: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-20 04:19 UTC by Sam James
Modified: 2025-03-20 21:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-01-20 04:19:58 UTC
From 285 release notes:
```
[ Chris Lamb ]
* Validate --css command-line argument. Thanks to Daniel Schmidt @ SRLabs for
  the report. (Closes: #396)
* Prevent XML entity expansion attacks through vulnerable versions of
  pyexpat. Thanks to Florian Wilkens @ SRLabs for the report. (Closes: #397)
* Print a warning if we have disabled XML comparisons due to a potentially
  vulnerable version of pyexpat.
* Remove (unused) logging facility from a few comparators.
* Update copyright years.
```
Comment 1 Larry the Git Cow gentoo-dev 2025-01-20 04:32:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efe79ceb6bba44a7ce324fa942193692e52b892c

commit efe79ceb6bba44a7ce324fa942193692e52b892c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-01-20 04:24:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-01-20 04:24:57 +0000

    dev-util/diffoscope: add 285
    
    Bug: https://bugs.gentoo.org/948426
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-util/diffoscope/Manifest              |   1 +
 dev-util/diffoscope/diffoscope-285.ebuild | 140 ++++++++++++++++++++++++++++++
 2 files changed, 141 insertions(+)