Date: Sat, 21 Jun 2025 18:21:17 +0000 From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 287391] textproc/libxml2: security patches for 2.11.9 Message-ID: <bug-287391-39348-vMknWEBN7o@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-287391-39348@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391 --- Comment #27 from Charlie Li <vishwin@freebsd.org> --- Since there seems to be some insistence on clearing pkg-audit(8) alerts because of the vuxml entries, I took a further look on backporting the three currently there. All three commits, taken from the 2.12 branch, are cleanly backportable to 2.11, and thus the commits will be used directly as PATCHFILES rather than individual files in ${PATCHDIR}. The test suite passes, which for fixes within a point release let alone within the same branch is good enough. I will adjust the vuxml entries accordingly. For future reference, considering upstream's current stance on security issues, please do not add vuxml/CVE entries against this port unless fix(es) for the same vuxml/CVE entry is committed upstream (open issues and merge requests do not count). Remember that both upstream and desktop@ are ultimately volunteers. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-287391-39348-vMknWEBN7o>