.
--- /tmp/mgorny-dev-scripts/portage/dev-libs/libxml2-2.12.6/work/libxml2-2.12.6/NEWS 2024-03-15 11:11:03.000000000 +0000 +++ /tmp/mgorny-dev-scripts/portage/dev-libs/libxml2-2.12.7/work/libxml2-2.12.7/NEWS 2024-05-13 10:33:44.000000000 +0100 @@ -1,5 +1,17 @@ NEWS file for libxml2 +v2.12.7: May 13 2024 + +### Security + +- [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` + +### Regressions + +- xmllint: Fix --pedantic option +- save: Handle invalid parent pointers in xhtmlNodeDumpOutput + + v2.12.6: Mar 15 2024
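Review bot: The Security entry in the new v2.12.7 block gives the CVE id and the trigger (`xmllint --htmlout`) but does not say whether the buffer overread is confined to the xmllint command-line tool or is also reachable through the library API. A short qualifier on that line would let packagers and downstream users judge how urgently to update. The two Regressions entries likewise carry no issue or commit reference, so a reader cannot trace "Fix --pedantic option" or the xhtmlNodeDumpOutput change back to the fix from the NEWS text alone.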
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a8fa62d4d5cf10ff21bf89beb43a36971a80622

commit 4a8fa62d4d5cf10ff21bf89beb43a36971a80622
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-05-16 02:32:38 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-16 02:32:38 +0000

    dev-libs/libxml2: add 2.12.7

    Bug: https://bugs.gentoo.org/931977
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest              |   1 +
 dev-libs/libxml2/libxml2-2.12.7.ebuild | 196 +++++++++++++++++++++++++++++++++
 2 files changed, 197 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bd896997dcd48ebc5a11e7b3801ae7f82b9dc23

commit 3bd896997dcd48ebc5a11e7b3801ae7f82b9dc23
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-05-16 02:28:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-16 02:28:53 +0000

    dev-libs/libxml2: add 2.11.8

    Bug: https://bugs.gentoo.org/931977
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest             |   1 +
 dev-libs/libxml2/libxml2-2.11.8.ebuild | 200 +++++++++++++++++++++++++++++++++
 2 files changed, 201 insertions(+)
I don't know why a CVE was assigned to this issue. At the time I was active in fuzzing, MITRE said that read issues in command line tools are considered an inconvenience.