OSS-Fuzz is Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Patches for this issue have been pushed in libxml-2.9.4-r2.
Please note that:
* patches were cherry-picked from upstream master according to information found in this ticket; some patches were harder to find due to upstream blocking access to them.
* unittests in the ebuild have actually not been run for a long time, certainly due to a problem when porting to multilib. Maybe it existed before, didn't check yet.
Anyway, as lots of other security-related fixes are pending an upstream release, I pushed this as a stopgap until I get more time to do a proper snapshot and fix these unittest issues.
This issue was resolved and addressed in
GLSA 201711-01 at https://security.gentoo.org/glsa/201711-01
by GLSA coordinator Christopher Diaz Riveros (chrisadr).