Summary: | <dev-libs/mxml-3.3: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | conikost |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/michaelrsweet/mxml/issues/286 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() Based on the Github issue, it should be fixed in 3.3. I was also not able to reproduce with current version 3.3 in tree. Thanks! I guess, we can close here and release _no_ GLSA. Seeing https://github.com/michaelrsweet/mxml/issues/286, the CVE was rejected by upstream. https://www.cve.org/CVERecord?id=CVE-2021-42859 also lists as disputed. (In reply to Conrad Kostecki from comment #3) > I guess, we can close here and release _no_ GLSA. Agreed, thanks for the update. |