From ${URL} :
A heap-buffer overread vulnerability was found in libxml2. A specially crafted file can cause the application to crash.
External bugzilla report with reproducer: https://bugzilla.gnome.org/show_bug.cgi?id=749115
CVE assignment: http://seclists.org/oss-sec/2016/q1/277
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fix landed in v2.9.4: https://bugzilla.gnome.org/show_bug.cgi?id=758605#c5
v2.9.4 landed in Gentoo repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/libxml2?id=b68f9389191396b4febff3e7b61f939189364426
Also, upstream changed tracking to CVE-2016-1839, see https://bugzilla.gnome.org/show_bug.cgi?id=749115#c9
Moving CVE alias to the proper bug 583888.
This issue was resolved and addressed in GLSA 201701-37 at https://security.gentoo.org/glsa/201701-37 by GLSA coordinator Thomas Deutschmann (whissi).