Date:      Tue, 18 Jan 2022 08:52:27 +0000
From:      bugzilla-noreply@freebsd.org
To:        desktop@FreeBSD.org
Subject:   [Bug 261285] [exp-run] update texproc/expat2 to 2.4.3
Message-ID:  <bug-261285-39348-EoAeDyOIK3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-261285-39348@https.bugs.freebsd.org/bugzilla/>
References:  <bug-261285-39348@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261285

Xin LI <delphij@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Many People
                 CC|                            |delphij@FreeBSD.org,
                   |                            |secteam@FreeBSD.org

--- Comment #1 from Xin LI <delphij@FreeBSD.org> ---
For portmgr -- The two versions (2.4.2 and 2.4.3) are ABI and API compatible.

Code diff can be reviewed here:
https://github.com/libexpat/libexpat/compare/R_2_4_2...R_2_4_3

I've replaced my own desktop's expat2 with an independently created and almost
identical patch and didn't observe any issue (as expected).

Note that unlike the base system bundled expat2 (libbsdxml) which processes
mostly trusted data (GEOM, libmt were from kernel; the exception was
unbound-anchor, but that was signed data), vulnerabilities in port expat2 could
be a greater threat.

-- 
You are receiving this mail because:
You are on the CC list for the bug.