Summary: | <dev-libs/libxml2-2.11.1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, base-system, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 906088, 906095, 906124, 906206, 906227, 906309, 906641, 907226, 907384, 909634 | ||
Bug Blocks: |
Description
Sam James
2023-05-01 06:21:35 UTC
This version is currently masked for testing. Alpine already had to fix a bunch of test failures (or skip stuff for now). # Sam James <sam@gentoo.org> (2023-05-01) # Masked for testing. Other distros seem to have hit a bunch of new test # failures in various applications, and initially there were ABI issues in .0. >=dev-libs/libxml2-2.11.0 commit 9b2ad65342b2445a38775260e7f4497d06466ee4 Author: Sam James <sam@gentoo.org> Date: Wed May 10 20:33:44 2023 +0100 profiles: unmask new libxml2 Seems to have fixed the python bindings issue too: https://gitlab.gnome.org/GNOME/libxml2/-/commit/76c6da420923f2721a2e16adfcef8707a2454a1b. Closes: https://bugs.gentoo.org/745162 Signed-off-by: Sam James <sam@gentoo.org> The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64f596cbb52d0955503281d6998154eacb48d065 commit 64f596cbb52d0955503281d6998154eacb48d065 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-05-19 00:29:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-19 00:29:27 +0000 dev-libs/libxml2: add 2.11.4 This _might_ fix the LibreOffice issue. Bug: https://bugs.gentoo.org/905399 Bug: https://bugs.gentoo.org/906206 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 1 + dev-libs/libxml2/libxml2-2.11.4.ebuild | 195 +++++++++++++++++++++++++++++++++ 2 files changed, 196 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74742dfaadb00f833e7c786c9ea99e0c5e165176 commit 74742dfaadb00f833e7c786c9ea99e0c5e165176 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-05-20 07:17:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-20 07:17:48 +0000 profiles: mask intermediate bad libxml2-2.11.* (before <2.11.4) >=2.11.4 is fine, just 2.11.1 up to 2.11.3 were buggy. Mask to avoid confusing bug reports. Bug: https://bugs.gentoo.org/906206 Bug: https://bugs.gentoo.org/905399 Signed-off-by: Sam James <sam@gentoo.org> profiles/package.mask | 7 +++++++ 1 file changed, 7 insertions(+) I've just removed the dev-ruby/nokogiri versions that required libxml-2.10 specifically, so the vulnerable versions can now be removed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=889ba46a2e07a740429cf26c3472ba6f6d527a2f commit 889ba46a2e07a740429cf26c3472ba6f6d527a2f Author: Sam James <sam@gentoo.org> AuthorDate: 2023-12-28 03:37:49 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-12-28 03:37:49 +0000 dev-libs/libxml2: drop 2.10.4, 2.11.4 Bug: https://bugs.gentoo.org/905399 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 2 - dev-libs/libxml2/libxml2-2.10.4.ebuild | 203 --------------------------------- dev-libs/libxml2/libxml2-2.11.4.ebuild | 202 -------------------------------- 3 files changed, 407 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286 commit e85e47ba7c520c0a553d527c33c5c297cb8ff286 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-02-09 09:36:36 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-02-09 09:37:22 +0000 [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/904202 Bug: https://bugs.gentoo.org/905399 Bug: https://bugs.gentoo.org/915351 Bug: https://bugs.gentoo.org/923806 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) |