From nobody Sat Jun 21 19:32:48 2025 X-Original-To: desktop@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bPkyY05bbz5yvRx for ; Sat, 21 Jun 2025 19:32:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bPkyX2Ypcz3KMx for ; Sat, 21 Jun 2025 19:32:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750534372; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=f/ZaC684uy51WRdygpCIY1e/IJ6LrA4GGjBZZLomX7g=; b=VBhpfDoI7kdC7kYcy7QW8tHCiiI49ClnLclpzTTU0dZIN8rrd8E8HS/xCJZ/EPfWkPKJd3 1q7tQga02/tcuNdLlkEsbmobmeaZMTqgzzXu2dVr4Vh8grtE1lZJu+MOv3kP6VV1i42so6 JwaB7rdU1xm0X5Fwaff8slvkKlfmW0SLjZYWae5dZas9yNJlvCcJPcmf8IjHLRXSPMU3+y H8YK0B+lMcX009BQ/XJut+hjaVP4YkVc7wEaC6i5WEj7206CXTLRLabG1eP2+tK4XsB/96 0+TTrick8kOWF3TwrErVHm0J8P0aaMkeX17+rH/8iLyNYln+WDRruCcir45Gkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750534372; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=f/ZaC684uy51WRdygpCIY1e/IJ6LrA4GGjBZZLomX7g=; b=lzs0LJ2hjqyoFYZKxtpAbGk7BKAmvosnNnxyddbQJbRC5cFAQThaL3D2yxdvybZcO6PwpK gA/kdpix7SawsM8RxPXUXteaXSFCufsrrPeG83foF+elGKvjS7I7xBJYDZuWdKDX+cn8vI 4m/uYAYK++K9fa9+Js5b2N4U0bzl9G8TUIVoghgFl9Pcpxz+EwD9g+40e8Hcz1sbWhJRvI Q8nbuk+W70VQ9qFsmZzVValAwX5rwsjQgexGCg4lXP2dkYdMXeWuOD3sYT+9JtZwwQURKs 5EX6VXULUOBpxwmGSr05qK6Nr2V8WK9dRRwgaKP05JIUxVWC0B1xRpuYQb8V5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750534372; a=rsa-sha256; cv=none; b=RqKPHhOOgZno755GVra9lwWTNWyXQ3RPPRgfGOO5amHscz/Rhw/5yLnQ/QN3CXBAVsKybo GFysi+OPo6E+oqBE8F5VqPtVG5/CjidZhx9EeZ31fq+htDuSGMSxxKwxC7hY2Lyf7TNLeu LCkrkzht6E2DYDrYUoEGOfWVsvGqNZdtkrtpGUCw1NMYvTnvtmHHYTIIwe2kY/3FpS3qqF O6SqH7NetuDuuSr6erL6wdQlvc4TkjCVVBCP9/Wt2Xde5hpLZFJeYS/rNhYAHYhZDOyfv0 kooyWURgN2IA23Rtt8b/0gX21n/Wne5Iy4nXudjLtqnhKNsKj0l+7sjmicdq9A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bPkyW6wGXzlpT for ; Sat, 21 Jun 2025 19:32:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 55LJWpUx034873 for ; Sat, 21 Jun 2025 19:32:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 55LJWpIQ034872 for desktop@FreeBSD.org; Sat, 21 Jun 2025 19:32:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 287391] textproc/libxml2: security patches for 2.11.9 Date: Sat, 21 Jun 2025 19:32:48 +0000 X-Bugzilla-Reason: CC AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: flo@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: desktop@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback+ X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Using and improving FreeBSD on the desktop List-Archive: https://lists.freebsd.org/archives/freebsd-desktop List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-desktop@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D287391 --- Comment #33 from Florian Smeets --- (In reply to Charlie Li from comment #27) > For future reference, considering upstream's current stance on security i= ssues, please do not add vuxml/CVE entries against this port unless fix(es)= for the same vuxml/CVE entry is committed upstream (open issues and merge = requests do not count). No, that's certainly not how it works. Upstream's recent announcement regar= ding security issues has nothing to do with FreeBSD ports. When we have vulnerab= le software in ports, it gets marked vulnerable in vuxml, period. Hiding vulnerabilities is a disservice to our users. If there is an announcement, everybody can react the way they need to. In this case, the pressure finally made you commit the backports instead of discouraging submitters and committers who wanted to do the right thing. It's really beyond me how two committers can be so stubbornly arguing again= st security fixes. There's people trying to run professional services with Fre= eBSD and ports/pkgs. --=20 You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.=