From owner-freebsd-security@FreeBSD.ORG Mon Oct 20 11:45:51 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 022B71065674 for ; Mon, 20 Oct 2008 11:45:51 +0000 (UTC) (envelope-from gunther.mayer@googlemail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.25]) by mx1.freebsd.org (Postfix) with ESMTP id 8735A8FC1E for ; Mon, 20 Oct 2008 11:45:49 +0000 (UTC) (envelope-from gunther.mayer@googlemail.com) Received: by ey-out-2122.google.com with SMTP id 6so510738eyi.7 for ; Mon, 20 Oct 2008 04:45:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:user-agent :mime-version:to:subject:content-type:content-transfer-encoding:from; bh=f7E1VqZFbaXikmaBJOSukw6wsNEFvfJBTMivH+vF08M=; b=rg8dCTytRvnzNyEQUgKgeF9xUlKh4QPTaeIQbAsUtpaLM3U9psd7BB5/Yy3ypjnvJy eflMqylTaIXmnCw2MQXsgs45PDQB7PYN8zCT15rJlcPNRUUTDBlxf2gLlNd094RkLWmf cb4zfIN/Mdbtp1O13xppCcs3Yd8Fq9OFNGNr4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:user-agent:mime-version:to:subject:content-type :content-transfer-encoding:from; b=pQFqGZft8VowWE5YUXBtAln62YVFErn9ijnmrcL01Aqd1d5ZS5Z/wGYE0iKAFEoLmO luicy73b+RRoRccZxFTzaHCO9xjMNHO+7HDo0olqrbBcVw2whDuukhcj6XcfZdNdrKTz xpzrdaiy/c2M7eVVb0i1NKwSun/u7aCRjwnLk= Received: by 10.210.28.6 with SMTP id b6mr8644084ebb.3.1224501746511; Mon, 20 Oct 2008 04:22:26 -0700 (PDT) Received: from ?172.25.0.157? ([196.7.14.186]) by mx.google.com with ESMTPS id k10sm5869689nfh.25.2008.10.20.04.22.24 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 20 Oct 2008 04:22:25 -0700 (PDT) Message-ID: <48FC69EC.9000609@gmail.com> Date: Mon, 20 Oct 2008 13:22:20 +0200 User-Agent: Thunderbird 2.0.0.17 (X11/20080925) MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit From: Gunther Mayer X-Mailman-Approved-At: Mon, 20 Oct 2008 12:01:04 +0000 Subject: Secure libxml2? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Oct 2008 11:45:51 -0000 Hi there, We're using libxml2 and the version in ports (2.6.x) currently suffers from a rather serious security vulnerability already posted last Friday: http://www.freebsd.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html Yet there's no libxml2-2.7.x in ports as required by the above notice. So there's no solution other than compiling an up-to-date one by hand and that opens up a whole different can of worms regarding dependencies. I emailed the official maintainer (gnome@freebsd.org) but am not holding my breath, chances are they won't even see my mail amongst all the spam they must be getting. So I'm wondering does anybody know what's going on or what I could do to get my systems secure? Regards, Gunther