Bug 953961 (CVE-2025-32414, CVE-2025-32415) - <dev-libs/libxml2-2.13.8[python]: Multiple vulnerabilities
Summary: <dev-libs/libxml2-2.13.8[python]: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2025-32414, CVE-2025-32415
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://gitlab.gnome.org/GNOME/libxml...
Whiteboard: B2 [stable?]
Keywords: PullRequest
Depends on:
Blocks:
Reported: 2025-04-17 16:44 UTC by Hank Leininger
Modified: 2025-05-11 04:05 UTC (History)
See Also:
Package list:
Runtime testing required: ---
Description Hank Leininger 2025-04-17 16:44:46 UTC
The issue is with the python bindings, so I would guess USE=-python is unaffected. We IUSE=+python, so it's on by default.

Fixed in upstream 2.13.8 and 2.14.2, and they've said older branches won't get updates (we have 2.11.x and 2.12.x as well as 2.13.x).

Note also, upstream has said they plan to deprecate the python bindings: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891

It seems we don't have many packages that depend on dev-libs/libxml2[python]: gimp-help, virt-manager, recoll, itstool - the latter of which has a WIP PR to migrate from libxml2 to lxml.
Comment 1 Hank Leininger 2025-04-18 20:02:24 UTC
Per the upstream announcement https://discourse.gnome.org/t/libxml2-2-13-8-released/28428, it also fixes a heap overflow (that has some prereqs to exploit), CVE-2025-32415: https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
Comment 2 Larry the Git Cow 2025-05-11 03:57:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d092f9f4efb16f2c7ed02f98639e0a3bb418d05

commit 1d092f9f4efb16f2c7ed02f98639e0a3bb418d05
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2025-04-18 20:14:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-05-11 03:57:20 +0000

    dev-libs/libxml2: add 2.13.8
    
    Bug: https://bugs.gentoo.org/953961
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Part-of: https://github.com/gentoo/gentoo/pull/41654
    Closes: https://github.com/gentoo/gentoo/pull/41654
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.13.8.ebuild | 190 +++++++++++++++++++++++++++++++++
 2 files changed, 191 insertions(+)
Comment 3 Sam James 2025-05-11 04:05:55 UTC
I suspect that https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 is related to the long-standing bug 745162 as well.