From URL: "Security: [CVE-2022-23308] Use-after-free of ID and IDREF attributes (Thanks to Shinji Sato for the report) Use-after-free in xmlXIncludeCopyRange (David Kilzer) Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong) Fix memory leak in xmlXPathCompNodeTest Fix null pointer deref in xmlStringGetNodeList Fix several memory leaks found by Coverity (David King)"
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c38911533cea511c6c5a318e517da7d6df96ecb commit 2c38911533cea511c6c5a318e517da7d6df96ecb Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-21 01:10:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-21 01:10:59 +0000 dev-libs/libxml2: add 2.9.13 Bug: https://bugs.gentoo.org/833809 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 1 + dev-libs/libxml2/libxml2-2.9.13.ebuild | 240 +++++++++++++++++++++++++++++++++ 2 files changed, 241 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac5e34e355b38781725f213dc32976bc0467b16b commit ac5e34e355b38781725f213dc32976bc0467b16b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-21 01:59:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-21 02:00:27 +0000 dev-libs/libxml2: restore LDFLAGS patch; drop unnecessary test patch Bug: https://bugs.gentoo.org/833809 Signed-off-by: Sam James <sam@gentoo.org> .../libxml2/{libxml2-2.9.13.ebuild => libxml2-2.9.13-r1.ebuild} | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=adf5474fd11ba8a07548c5e37fac5e66db57a112 commit adf5474fd11ba8a07548c5e37fac5e66db57a112 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:40:08 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:20 +0000 [ GLSA 202210-03 ] libxml2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/833809 Bug: https://bugs.gentoo.org/842261 Bug: https://bugs.gentoo.org/865727 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
GLSA released, all done!