[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4

Reply: bugzilla-noreply_a_freebsd.org: "maintainer-feedback requested: [Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 18 Apr 2023 02:43:50 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270906

            Bug ID: 270906
           Summary: textproc/libxml2: SecurityUpdate to 2.10.4
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: desktop@FreeBSD.org
          Reporter: takefu@airport.fm
             Flags: maintainer-feedback?(desktop@FreeBSD.org)
          Assignee: desktop@FreeBSD.org

Created attachment 241552
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=241552&action=edit
libxml2-2.10.4.patch

fix:
  PORTCLIPPY(1) Compliant
  LIBXML2_SLAVE STRIP shared object files


v2.10.4: Apr 11 2023

### Security

- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

### Regressions

- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes

-- 
You are receiving this mail because:
You are the assignee for the bug.