Re: Updating libxslt ?
- In reply to: Wismos_a_proton.me: "Re: Updating libxslt ?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 04 Sep 2025 20:21:13 UTC
> On Sep 4, 2025, at 13:03, Wismos@proton.me wrote: > > libxslt is not getting unmaintained upstream, It was, from about March, until a week ago, as mentioned by the former maintainer. https://discourse.gnome.org/t/stepping-down-as-libxslt-maintainer/27615 > the reason for it being marked depcrecated in freebsd poets, is because currently two knowm vulnerabilities exist for it, one of which is unpatched upstream but disclosed while the other one isn't even disclosed yet, see https://cgit.freebsd.org/ports/commit/?id=dceb46fc8a6eea281dbafc46e6452a9d82550b09 and https://www.freshports.org/vuxml.php?vid=1a2aa04f-3718-11e6-b3c8-14dae9d210b8%7C93167bef-9752-11e9-b61c-b885849ded8e%7Ca96cd659-303e-11f0-94b5-54ee755069b5%7Cb0a3466f-5efc-11f0-ae84-99047d0a6bcc for more info Having no maintainer *plus* cves active *and* other vulnerabilities known to be on the horizon is probably why it was deprecated. If the new maintainer picks up the reins, maybe that will change. -Dan > -------- Original Message -------- > On 04/09/25 9:51 pm, Daniel Lysfjord <lysfjord.daniel@smokepit.net> wrote: > >> On 2025-09-04 17:11, Tim Daneliuk wrote: >>> Is there an update for this on the horizon? >>> >>> The current state of having known security vulnerabilities is >>> wreaking havoc with portmaster updates. >>> >>> Not complaining, just trying to understand the state of things. >>> >>> Best, >>> T >> >> Hi, >> >> [0] and [1] doesn't paint a too nice picture for this library. Seems >> like it is not maintained, and will be archived "soon".. Another gnome >> library left to rot:) >> >> 0: https://www.freshports.org/textproc/libxslt/ >> 1: https://gitlab.gnome.org/GNOME/libxslt/-/issues >> >> >