[Bug 288306] textproc/libxslt: Anticipate release of security patches from somewhere

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 288306] textproc/libxslt: Anticipate release of 1.1.44"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 04 Sep 2025 18:34:28 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288306

Charlie Li <vishwin@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Open                        |Closed
         Resolution|---                         |Please Upstream

--- Comment #17 from Charlie Li <vishwin@freebsd.org> ---
(In reply to George Mitchell from comment #14)
This bug was already assigned to the maintainer so adding CC did nothing. Both
arrowd@ and myself (amongst others) are desktop@ (maintainer) members.

(In reply to bagas from comment #13)
And the upstream umbrella says "downstream vendors fend for themselves,"
including Debian, when it comes to pulling in non-qualified patches.
Regardless, until the new upstream maintainer has a chance to get themselves
more up to speed and such, you should regard this library as insecure
regardless of any CVEs or lack thereof.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.