I don't have any details, just a brief mention in the Google Chrome release notes. See URL.
Chrome patch: https://chromiumcodereview.appspot.com/11343029
Upstream commit: http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
Fixed in 2.8.0-r3; thanks for noticing the vulnerability report!
>*libxml2-2.8.0-r3 (26 Nov 2012)
>
>  26 Nov 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
>  +libxml2-2.8.0-r3.ebuild,
>  +files/libxml2-2.8.0-xmlParseAttValueComplex-underflow.patch:
>  Fix buffer underflow (bug #444836, CVE-2012-5134, thanks to Mike Gilbert).
Arches, please test and mark stable:
=dev-libs/libxml2-2.8.0-r3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Archtested on x86: Everything OK.
- Compiles successfully with all USE-flag combinations, test phase passes.
- Various rdeps successfully compile against =dev-libs/libxml2-2.8.0-r3.
- Repoman reports no warnings that need addressing.
- Verified library functionality through runtime testing of various packages that depend on libxml2, no discrepancies found.
amd64 stable
x86 stable
Stable for HPPA.
CVE-2012-5134 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134): Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
ppc stable
arm stable
ppc64 stable
alpha/ia64/m68k/s390/sh/sparc stable
Thanks, everyone. Updated existing GLSA draft.
This issue was resolved and addressed in GLSA 201311-06 at http://security.gentoo.org/glsa/glsa-201311-06.xml by GLSA coordinator Sean Amoss (ackle).