Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: dev-libs/libxml2
Package Version: [cpe:/a:xmlsoft:libxml2:2.9.4]
Advisory: CVE-2017-7375
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7375
CVSS severity score: 7.5/10.0
Confidence: high
Description:
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Advisory: CVE-2017-7376
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7376
CVSS severity score: 10/10.0
Confidence: high
Description:
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Comment 1 by mnissler@chromium.org, Mar 21 2018