``` +### Security + +- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking + ```

"An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7acaa9d202a846b33a13a1020b88e5c16ca9eeeb

commit 7acaa9d202a846b33a13a1020b88e5c16ca9eeeb
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-02-05 03:50:18 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-02-05 03:56:08 +0000

    dev-libs/libxml2: add 2.11.7

    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest | 1 +
 dev-libs/libxml2/libxml2-2.11.7.ebuild | 200 +++++++++++++++++++++++++++++++++
 2 files changed, 201 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e85e47ba7c520c0a553d527c33c5c297cb8ff286

commit e85e47ba7c520c0a553d527c33c5c297cb8ff286
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-09 09:36:36 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-09 09:37:22 +0000

    [ GLSA 202402-11 ] libxml2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/904202
    Bug: https://bugs.gentoo.org/905399
    Bug: https://bugs.gentoo.org/915351
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-11.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9f602950cfe3df380e2ef8909025f1a2255bf04

commit f9f602950cfe3df380e2ef8909025f1a2255bf04
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-04 11:12:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-04 11:12:24 +0000

    dev-libs/libxml2: drop 2.11.5, 2.11.5-r1, 2.11.6, 2.12.4

    Bug: https://bugs.gentoo.org/915351
    Bug: https://bugs.gentoo.org/923806
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/libxml2/Manifest | 3 -
 dev-libs/libxml2/libxml2-2.11.5-r1.ebuild | 200 ------------------------------
 dev-libs/libxml2/libxml2-2.11.5.ebuild | 196 -----------------------------
 dev-libs/libxml2/libxml2-2.11.6.ebuild | 200 ------------------------------
 dev-libs/libxml2/libxml2-2.12.4.ebuild | 196 -----------------------------
 5 files changed, 795 deletions(-)