Bug 943198 (CVE-2024-40896)

Summary:	<dev-libs/libxml2-{2.11.9, 2.12.9}: Regression in consumer protection from CVE-2012-0037
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	normal	CC:	base-system, crabbedhaloablution, sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
Whiteboard:	B3 [stable?]
Package list:		Runtime testing required:	---

Description Sam James archtester

2024-11-10 20:47:08 UTC

See https://gitlab.gnome.org/GNOME/libxml2/-/issues/761.

Comment 1 Larry the Git Cow gentoo-dev

2024-11-10 21:11:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719f8cddede04669939001c30524c53c141f79c4

commit 719f8cddede04669939001c30524c53c141f79c4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:10:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:10:54 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 .../libxml2/files/libxml2-2.12.9-icu-pkgconfig.patch | 20 ++++++++++++++++++++
 dev-libs/libxml2/libxml2-2.12.9.ebuild               |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ac8bf35e0688bfe340e32dead7725c735e356ac

commit 8ac8bf35e0688bfe340e32dead7725c735e356ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:03:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:03:59 +0000

    dev-libs/libxml2: add 2.12.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.12.9.ebuild | 198 +++++++++++++++++++++++++++++++++
 2 files changed, 199 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba495dca07b250822fcf8a1827518c9eecb8b26d

commit ba495dca07b250822fcf8a1827518c9eecb8b26d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:02:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:02:11 +0000

    dev-libs/libxml2: add 2.11.9
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest                          |   1 +
 .../files/libxml2-2.11.9-icu-pkgconfig.patch       |  19 ++
 dev-libs/libxml2/libxml2-2.11.9.ebuild             | 201 +++++++++++++++++++++
 3 files changed, 221 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-11-10 21:31:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c192808386149e39792374e350633249f1ff0da7

commit c192808386149e39792374e350633249f1ff0da7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-11-10 21:25:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-10 21:31:16 +0000

    dev-libs/libxml2: add 2.13.4
    
    Bug: https://bugs.gentoo.org/943198
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.13.4.ebuild | 189 +++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)