From ${URL} : Out-of-bounds memory access vulnerability when parsing unclosed HTML comment was found in libxml2. By entering an unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment. CVE request: http://seclists.org/oss-sec/2015/q3/540 Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e86ade8c0...master @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Following links, I found the upstream bug report.
Upstream patch applied in 2.9.2-r2.
Arches, please test and mark stable: =dev-libs/libxml2-2.9.2-r4 Target keywords : "alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
amd64 stable
x86 stable
Stable for PPC64.
Stable for HPPA.
ppc stable
!!! Digest verification failed:
!!! /usr/portage/dev-libs/libxml2/ChangeLog
!!! Reason: Filesize does not match recorded size
!!! Got: 5038
!!! Expected: 4685
alpha stable
arm stable
s390 stable
ia64 stable
sparc stable
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. Re-designating as this is not default or common software in the tree (do we really have any statistics on that anyway?) nor was the original vulnerability reported accurately. GLSA Vote: No.
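The bug class reported in this thread (a comment scan that does not stop at the end of the buffer when `-->` never arrives), shown with its bounds check as an added example; this is not libxml2's code or part of the original report. `scan_comment` and its status enum are hypothetical names, and the helper assumes the caller passes a length-delimited buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of scanning one HTML comment inside a length-delimited buffer. */
typedef enum { COMMENT_OK = 0, COMMENT_UNCLOSED = 1, COMMENT_NOT_A_COMMENT = 2 } comment_status;

/*
 * Hypothetical helper (not libxml2's htmlParseComment): locate the body of
 * the comment that starts at buf[0]. Every read is checked against len, so
 * an input that ends before "-->" is reported as unclosed instead of being
 * scanned past the end of the buffer.
 */
comment_status scan_comment(const char *buf, size_t len,
                            size_t *body_off, size_t *body_len)
{
    size_t i;

    if (len < 4 || memcmp(buf, "<!--", 4) != 0)
        return COMMENT_NOT_A_COMMENT;

    /* i + 3 <= len guarantees buf[i..i+2] are all inside the buffer. */
    for (i = 4; i + 3 <= len; i++) {
        if (buf[i] == '-' && buf[i + 1] == '-' && buf[i + 2] == '>') {
            *body_off = 4;
            *body_len = i - 4;
            return COMMENT_OK;
        }
    }
    /* Terminator never seen: stop at len and emit no comment body. */
    return COMMENT_UNCLOSED;
}

int main(void)
{
    /* Constructed inputs; the second is deliberately not NUL-terminated. */
    static const char closed[] = "<!-- ok -->tail";
    static const char unclosed[6] = { '<', '!', '-', '-', ' ', 'x' };
    size_t off = 0, n = 0;

    printf("closed: %d\n", scan_comment(closed, sizeof closed - 1, &off, &n));
    printf("body length: %zu\n", n);
    printf("unclosed: %d\n", scan_comment(unclosed, sizeof unclosed, &off, &n));
    return 0;
}
```

Building a check like this with AddressSanitizer and feeding it truncated inputs is a quick way to confirm that no read goes past `len`.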