diff options
author | Matthias Andree <mandree@FreeBSD.org> | 2025-07-12 11:10:11 +0200 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2025-07-12 11:13:36 +0200 |
commit | dceb46fc8a6eea281dbafc46e6452a9d82550b09 (patch) | |
tree | f231d078f57f02b045cf3053c7f92a4ad53b70f4 /textproc/libqxp/files | |
parent | net/usockets: Enable riscv64 build (diff) |
Note that libxslt is vulnerable, unfixed, and without maintainer.
Two of four vulnerabilities have been fixed.
Note that libxml2 in our ports is vulnerable and there is no upstream
release fixing these bugs, they need cherry-picks.
Deprecate textproc/xmlto and textproc/minixmlto,
which both depend on the unmaintained and vulnerable libxslt.
I have filed https://pagure.io/xmlto/issue/15 to ask the xmlto
upstream to switch to different XML/XSLT libraries.
Two issues are undisclosed and do not seem to have a CVE assigned yet.
Security: CVE-2025-6021
Security: CVE-2025-6170
Security: CVE-2025-7424
Security: CVE-2025-7425
Security: CVE-2025-49794
Security: CVE-2025-49795
Security: CVE-2025-49795
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/913
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/935
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
Security: https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt
Security: https://www.openwall.com/lists/oss-security/2025/06/16/6
Diffstat (limited to 'textproc/libqxp/files')
0 files changed, 0 insertions, 0 deletions