On Tue, Jan 28, 2020 at 08:18:07PM +0100, Moritz Buhl wrote:
> Dear ports@,
>
> There is a new CVE for libxml2:
> https://nvd.nist.gov/vuln/detail/CVE-2020-7595

Well, it doesn't look that harsh, it's just an infinite loop...
These days, everything ends up being a CVE, it seems.

> The diff is available here:
> https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
>
> make test passes without errors.
> The diff is attached. There is a CVE list supposed to be in devel/quirks
> but I don't exactly know what key-value pair to add.

The comment says it all:
# cat/path => badspec

so, pkgpath => spec for any package that's bad.

That's actually fairly obvious from the actual entries.