[Bug 287391] textproc/libxml2: security patches for 2.11.9

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 22 Jun 2025 17:02:05 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391

--- Comment #35 from commit-hook@FreeBSD.org ---
A commit in branch 2025Q2 references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=42eb50947ae2250b300d5d185a9a2625d211f27c

commit 42eb50947ae2250b300d5d185a9a2625d211f27c
Author:     Charlie Li <vishwin@FreeBSD.org>
AuthorDate: 2025-06-21 18:55:14 +0000
Commit:     Charlie Li <vishwin@FreeBSD.org>
CommitDate: 2025-06-22 17:00:00 +0000

    textproc/libxml2: backport upstream commits fixing CVEs

    [CVE-2024-56171] Fix use-after-free after xmlSchemaItemListAdd
    [CVE-2025-24928] Fix stack-buffer-overflow in xmlSnprintfElements
    [CVE-2025-32414] python: Read at most len/4 characters.

    PR: 287391
    (cherry picked from commit fb3e1d5f3dd216ef419a40570c1a97f1ee28a47f)

 textproc/libxml2/Makefile    | 7 ++++++-
 textproc/libxml2/distinfo    | 8 +++++++-
 textproc/py-libxml2/Makefile | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.