When can we have a secure libxml2?

Jeremy Messenger mezz7 at cox.net
Tue Oct 21 15:04:17 UTC 2008


On Tue, 21 Oct 2008 06:39:10 -0500, Gunther Mayer  
<gunther.mayer at googlemail.com> wrote:

> Jeremy Messenger wrote:
>> On Mon, 20 Oct 2008 11:19:26 -0000, Gunther Mayer  
>> <gunther.mayer at googlemail.com> wrote:
>>
>>> Hi there,
>>>
>>> I'm sure I'm not the first person to ask but we're using libxml2 and  
>>> the version in ports (2.6.x) currently suffers from a rather serious  
>>> security vulnerability:
>>>
>>> http://www.freebsd.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html  
>>> Yet there's no libxml2-2.7.x in ports as required by the above notice.  
>>> So there's no solution other than compiling an up-to-date one by hand  
>>> and that opens up a whole different can of worms regarding  
>>> dependencies.
>>>
>>> When will this be addressed?
>>
>> Done.
>
> Great, thank you, much appreciated. I see you committed the security  
> patch as libxml2-2.6.32_1 but unfortunately the advisory still claims  
> that anything <2.7.x is still affected. So ports still complains that  
> the port is insecure, could somebody please change the advisory then?
>
> Right now I still gotta force installation of the updated port with  
> DISABLE_VULNERABILITIES=yes :-(

The http://www.freshports.org/textproc/libxml2/ shows that it is not  
anymore.

Cheers,
Mezz

> Gunther


-- 
mezz7 at cox.net  -  mezz at FreeBSD.org
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/  -  gnome at FreeBSD.org


More information about the freebsd-gnome mailing list