[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 270906] textproc/libxml2: SecurityUpdate to 2.10.4"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 27 Apr 2023 18:27:12 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270906

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=acd6567eeccaba062051ae4571c3d20c355383ac

commit acd6567eeccaba062051ae4571c3d20c355383ac
Author:     Dima Panov <fluffy@FreeBSD.org>
AuthorDate: 2023-04-27 18:07:36 +0000
Commit:     Dima Panov <fluffy@FreeBSD.org>
CommitDate: 2023-04-27 18:25:56 +0000

    textproc/libxml2: update to 2.10.14 security release (+)

    - [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
    - [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
    - schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

    - SAX2: Ignore namespaces in HTML documents
    - io: Fix "buffer full" error with certain buffer sizes

    PR:             270906
    Security:       0bd7f07b-dc22-11ed-bf28-589cfc0f81b0

    Sponsored by:   Serenity Cybersecurity, LLC

 textproc/libxml2/Makefile | 22 ++++++++++------------
 textproc/libxml2/distinfo |  6 +++---
 2 files changed, 13 insertions(+), 15 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.