Re: git: dceb46fc8a6e - main - textproc/libxml2, textproc/libxslt: vulnerable
Date: Sun, 13 Jul 2025 17:25:14 UTC
On 2025-07-12 11:13, Matthias Andree wrote: > The branch main has been updated by mandree: > > URL: https://cgit.FreeBSD.org/ports/commit/?id=dceb46fc8a6eea281dbafc46e6452a9d82550b09 > > commit dceb46fc8a6eea281dbafc46e6452a9d82550b09 > Author: Matthias Andree <mandree@FreeBSD.org> > AuthorDate: 2025-07-12 09:10:11 +0000 > Commit: Matthias Andree <mandree@FreeBSD.org> > CommitDate: 2025-07-12 09:13:36 +0000 > > textproc/libxml2, textproc/libxslt: vulnerable > > Note that libxslt is vulnerable, unfixed, and without maintainer. > Two of four vulnerabilities have been fixed. > > Note that libxml2 in our ports is vulnerable and there is no upstream > release fixing these bugs, they need cherry-picks. Let me get this straight: If the port is not fixed within the next two months you are going to remove it from the tree? Looking at the reverse dependency tree in FreshPorts that would be devastating... Is this your intention? Michael