From owner-freebsd-gnome@freebsd.org Mon Jun 20 19:09:22 2016 Return-Path: Delivered-To: freebsd-gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2D7A9AC49A4 for ; Mon, 20 Jun 2016 19:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 176D02A2A for ; Mon, 20 Jun 2016 19:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 1315AAC49A3; Mon, 20 Jun 2016 19:09:22 +0000 (UTC) Delivered-To: gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12C76AC49A2 for ; Mon, 20 Jun 2016 19:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0287F2A29 for ; Mon, 20 Jun 2016 19:09:22 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u5KJ9LWd027774 for ; Mon, 20 Jun 2016 19:09:21 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 210298] textproc/libxslt: Update to 1.1.29 Date: Mon, 20 Jun 2016 19:09:22 +0000 X-Bugzilla-Reason: AssignedTo CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: easy, patch, patch-ready, security X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: gnome@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jun 2016 19:09:22 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210298 --- Comment #10 from commit-hook@freebsd.org --- A commit references this bug: Author: feld Date: Mon Jun 20 19:08:32 UTC 2016 New revision: 417173 URL: https://svnweb.freebsd.org/changeset/ports/417173 Log: Update vuxml for libxslt vulnerabilities These vulnerabilities were previously reported by Google as they bundle libxslt with Chrome. When we patched Chromium to address these vulnerabilites it was overlooked that we do not bundle libxslt library with Chromium, but instead use textproc/libxslt. Chromium users have continued to be vulnerable to these CVEs as a result. This update fixes the Chromium CVE entry and adds a separate one for libxslt. PR: 210298 Security: CVE-2016-1683 Security: CVE-2016-1684 Changes: head/security/vuxml/vuln.xml --=20 You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.=