[Bug 210155] textproc/expat2 & textproc/linux-*-expat: Expat issues CVE-2012-6702 and CVE-2016-5300

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210155

--- Comment #10 from Tijl Coosemans <tijl at FreeBSD.org> ---
(In reply to John Hein from comment #9)
It's certainly not ideal, but currently the vulnerability checking mechanism in
the ports tree is overzealous and blocks installation of vulnerable ports
unless people set DISABLE_VULNERABILITIES.  After complaints from users I
considered this blocking to be worse than the vulnerabilities.

Recently Red Hat released a fix for one of the vulnerabilities so that one has
been documented again.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.