[Bug 256436] textproc/libxml2: Update to 2.9.12 (fixes several vulnerabilities)

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 06 Jun 2021 12:27:18 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256436

Kubilay Kocak <koobs_at_FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|textproc/libxml2: Update to |textproc/libxml2: Update to
                   |2.9.12                      |2.9.12 (fixes several
                   |                            |vulnerabilities)
           Severity|Affects Only Me             |Affects Many People
           Keywords|                            |needs-qa, security
           Priority|---                         |Normal
                 CC|                            |ports-secteam_at_FreeBSD.org
              Flags|                            |merge-quarterly?
             Status|New                         |Open

--- Comment #2 from Kubilay Kocak <koobs_at_FreeBSD.org> ---
^Triage: Security and bugfix releases, MFH.

_at_Daniel Is there a canonical source for the 2.9.10-12 release notes? I see only
a single CVE reference for .11 (CVE-2021-3541) but see other CVE's being
referenced elsewhere online that affect .10 too.

CVE-2019-20388
CVE-2020-24977
CVE-2021-3517
CVE-2021-3518
CVE-2021-3537
CVE-2021-3516
CVE-2020-7595

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Sun Jun 06 2021 - 12:27:18 UTC

Original text of this message