Date: Mon, 20 Jun 2016 19:09:22 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 210298] textproc/libxslt: Update to 1.1.29 Message-ID: <bug-210298-6497-iRP1B2c88V@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-210298-6497@https.bugs.freebsd.org/bugzilla/> References: <bug-210298-6497@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210298 --- Comment #10 from commit-hook@freebsd.org --- A commit references this bug: Author: feld Date: Mon Jun 20 19:08:32 UTC 2016 New revision: 417173 URL: https://svnweb.freebsd.org/changeset/ports/417173 Log: Update vuxml for libxslt vulnerabilities These vulnerabilities were previously reported by Google as they bundle libxslt with Chrome. When we patched Chromium to address these vulnerabilites it was overlooked that we do not bundle libxslt library with Chromium, but instead use textproc/libxslt. Chromium users have continued to be vulnerable to these CVEs as a result. This update fixes the Chromium CVE entry and adds a separate one for libxslt. PR: 210298 Security: CVE-2016-1683 Security: CVE-2016-1684 Changes: head/security/vuxml/vuln.xml --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210298-6497-iRP1B2c88V>