[Bug 287391] textproc/libxml2: security patches for 2.11.9

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #27 from Charlie Li <vishwin@freebsd.org> ---
Since there seems to be some insistence on clearing pkg-audit(8) alerts because
of the vuxml entries, I took a further look on backporting the three currently
there. All three commits, taken from the 2.12 branch, are cleanly backportable
to 2.11, and thus the commits will be used directly as PATCHFILES rather than
individual files in ${PATCHDIR}. The test suite passes, which for fixes within
a point release let alone within the same branch is good enough. I will adjust
the vuxml entries accordingly.

For future reference, considering upstream's current stance on security issues,
please do not add vuxml/CVE entries against this port unless fix(es) for the
same vuxml/CVE entry is committed upstream (open issues and merge requests do
not count). Remember that both upstream and desktop@ are ultimately volunteers.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.