The original report is not in English so I can't judge the details: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html This is the upstream fix/commit: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
+*libxml2-2.9.2 (18 Oct 2014) + + 18 Oct 2014; Pacho Ramos <pacho@gentoo.org> + +files/libxml2-2.9.2-icu-pkgconfig.patch, + +files/libxml2-2.9.2-revert-missing-initialization.patch, + +libxml2-2.9.2.ebuild: + Version bump +
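Review bot: the entry text is only "Version bump", which gives no reason for the two patches it adds, in particular files/libxml2-2.9.2-revert-missing-initialization.patch. State what is being reverted and why, and if the bump is made for a security bug, reference the bug number in the entry, as the 09 Dec 2014 cleanup entry does with "security bug #525656".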
ready for the stabilization?
I have been using it since yesterday and it looks OK to me (at least it doesn't seem to break anything)
(In reply to Pacho Ramos from comment #3)
> I have been using it since yesterday and it looks OK to me (at least it doesn't seem to
> break anything)

++

amd64 stable
Should I second-guess what is to be done here?
stabilize the only version fixing this security bug
Stable for HPPA.
ppc64 stable
arm stable
sparc stable
alpha stable
ppc stable
x86 stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
New request added
+ 09 Dec 2014; Pacho Ramos <pacho@gentoo.org> + -files/libxml2-2.9.0-manual-python.patch, + -files/libxml2-2.9.0-thread-alloc.patch, + -files/libxml2-2.9.1-compression-detection.patch, + -files/libxml2-2.9.1-external-param-entities.patch, + -files/libxml2-2.9.1-icu-pkgconfig.patch, + -files/libxml2-2.9.1-missing-break.patch, + -files/libxml2-2.9.1-non-ascii-cr-lf.patch, + -files/libxml2-2.9.1-python-2.6.patch, -files/libxml2-2.9.1-python3.patch, + -files/libxml2-2.9.1-python3a.patch, + -files/libxml2-2.9.1-xmllint-postvalid.patch, -libxml2-2.9.1-r4.ebuild, + -libxml2-2.9.1-r5.ebuild: + Cleanup due to security bug #525656 +
Thank you for cleanup
This issue was resolved and addressed in GLSA 201412-06 at http://security.gentoo.org/glsa/glsa-201412-06.xml by GLSA coordinator Sergey Popov (pinkbyte).