libxml2 - will it be updated? (security vulnerability)

Jeremy Messenger mezz7 at cox.net
Fri Oct 17 17:14:24 UTC 2008


On Fri, 17 Oct 2008 13:17:42 -0000, Igor Roshchin <str at komkon.org> wrote:

>
> Hello!
>
> libxml2 which is used by various applications outside of Gnome itself
> is reported to have known security vulnerabilities.
> I just looked at libxml2 website and I see that FreeBSD ports are
> several versions (and about half a year) behind the source.
> (the version 2.7 which presumably fixed the problem was released on Aug.
> 30, while FreeBSD port is stuck at 2.6.32: Apr 8 2008)
>
> I do not mean to blaim anybody (I know that there was a port freeze
> recently), - I am just trying to alert people in
> charge for this port, in case it slipped through the cracks.

The 2.7.0 and 2.7.1 are too buggy, and broke many stuff. The 2.7.2 (fixed  
bugs) seems to be better, but I am not trust it to get into FreeBSD ports  
during the slush. If you can point me where security patch(es) for 2.6.32  
and I will be happy to it put in FreeBSD port, then bump it.

Cheers,
Mezz

> Best regards,
>
> Igor
>
> Igor Roshchin
> KomKon Sites


-- 
mezz7 at cox.net  -  mezz at FreeBSD.org
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/  -  gnome at FreeBSD.org


More information about the freebsd-gnome mailing list