[Bug 287391] textproc/libxml2: security patches for 2.11.9

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 21 Jun 2025 18:58:26 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #32 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=fb3e1d5f3dd216ef419a40570c1a97f1ee28a47f

commit fb3e1d5f3dd216ef419a40570c1a97f1ee28a47f
Author:     Charlie Li <vishwin@FreeBSD.org>
AuthorDate: 2025-06-21 18:55:14 +0000
Commit:     Charlie Li <vishwin@FreeBSD.org>
CommitDate: 2025-06-21 18:55:14 +0000

    textproc/libxml2: backport upstream commits fixing CVEs

    [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd
    [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements
    [CVE-2025-32414] python: Read at most len/4 characters.

    PR: 287391

 textproc/libxml2/Makefile    | 7 ++++++-
 textproc/libxml2/distinfo    | 8 +++++++-
 textproc/py-libxml2/Makefile | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.