Bug 483632

Summary:	=app-emulation/emul-linux-x86-baselibs-{20121202,20130224{,-r13}} contains libxml2-2.8.0-r3 which is affected by many security bugs. (CVE-2013-{1664,0338,0339,1969,2877})
Product:	Gentoo Security	Reporter:	Ben Kohler <bkohler>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	luke, multilib+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=458430 https://bugs.gentoo.org/show_bug.cgi?id=458740 https://bugs.gentoo.org/show_bug.cgi?id=466238 https://bugs.gentoo.org/show_bug.cgi?id=476438
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	508322
Bug Blocks:	482038

Description Ben Kohler gentoo-dev

2013-09-04 19:21:23 UTC

These versions (all current in-tree versions, stable and unstable) seem to be affected by at least:
bug #458430
bug #458740
bug #466238
bug #476438

The bump to 2.9 will be needed by some new packages like wine (bug #482038) but even more importantly, we need to get away from 2.8 and all its outstanding security issues.  I'm not sure which of these bug numbers should go in blockers or depends on, if any... so thanks in advance to b-w or whoever gets this report in order.

Thanks!

Comment 1 Sean Amoss (RETIRED) gentoo-dev

2014-11-25 21:50:14 UTC

Added to existing GLSA request.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2014-12-12 01:09:10 UTC

This issue was resolved and addressed in
 GLSA 201412-11 at http://security.gentoo.org/glsa/glsa-201412-11.xml
by GLSA coordinator Sean Amoss (ackle).