libxml2 2.10.0 release notes (https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.0#security) contain: """ Security [CVE-2022-2309] Reset nsNr in xmlCtxtReset Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer (David Kilzer) Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer) Fix integer overflow in xmlBufferDump() (David Kilzer) xmlBufAvail() should return length without including a byte for NUL terminator (David Kilzer) Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David Kilzer) Use xmlNewDocText in xmlXIncludeCopyRange Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser (David Kilzer) Use UPDATE_COMPAT() consistently in buf.c (David Kilzer) fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn) """
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=adf5474fd11ba8a07548c5e37fac5e66db57a112 commit adf5474fd11ba8a07548c5e37fac5e66db57a112 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-16 14:40:08 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-16 14:45:20 +0000 [ GLSA 202210-03 ] libxml2: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/833809 Bug: https://bugs.gentoo.org/842261 Bug: https://bugs.gentoo.org/865727 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d5c71d4ba751dd64e43e286c27b0b2fa5f1cc00 commit 7d5c71d4ba751dd64e43e286c27b0b2fa5f1cc00 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-10-28 19:32:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-28 19:50:00 +0000 dev-libs/libxml2: drop 2.9.14-r1 Bug: https://bugs.gentoo.org/865727 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libxml2/Manifest | 2 - dev-libs/libxml2/libxml2-2.9.14-r1.ebuild | 187 ------------------------------ 2 files changed, 189 deletions(-)
All done!