Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 904202 (CVE-2023-28484, CVE-2023-29469)

Summary: <dev-libs/libxml2-2.10.4: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ajak, base-system, proxy-maint, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 905398    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-04-12 01:40:02 UTC 
```
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
```
Comment 1 Larry the Git Cow gentoo-dev 2023-04-12 01:50:27 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed861c98f8be7c243ee9fe4f32a873afcc2fb02

commit 7ed861c98f8be7c243ee9fe4f32a873afcc2fb02
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-04-12 01:49:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-04-12 01:49:08 +0000

    dev-libs/libxml2: add 2.10.4
    
    Bug: https://bugs.gentoo.org/904202
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.10.4.ebuild | 203 +++++++++++++++++++++++++++++++++
 2 files changed, 204 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-05-10 19:45:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce518b754a74c9c12e20bfcf15dfe4a5f8a76071

commit ce518b754a74c9c12e20bfcf15dfe4a5f8a76071
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-05-10 19:45:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-10 19:45:34 +0000

    dev-libs/libxml2: drop 2.10.3-r1
    
    Bug: https://bugs.gentoo.org/904202
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest                 |   1 -
 dev-libs/libxml2/libxml2-2.10.3-r1.ebuild | 203 ------------------------------
 2 files changed, 204 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-09 09:37:31 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286

commit e85e47ba7c520c0a553d527c33c5c297cb8ff286
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-09 09:36:36 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-09 09:37:22 +0000

    [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/904202
    Bug: https://bugs.gentoo.org/905399
    Bug: https://bugs.gentoo.org/915351
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)