When can we have a secure libxml2?

Gunther Mayer gunther.mayer at googlemail.com
Tue Oct 21 11:39:26 UTC 2008


Jeremy Messenger wrote:
> On Mon, 20 Oct 2008 11:19:26 -0000, Gunther Mayer 
> <gunther.mayer at googlemail.com> wrote:
>
>> Hi there,
>>
>> I'm sure I'm not the first person to ask but we're using libxml2 and 
>> the version in ports (2.6.x) currently suffers from a rather serious 
>> security vulnerability:
>>
>> http://www.freebsd.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html 
>>
>>
>> Yet there's no libxml2-2.7.x in ports as required by the above 
>> notice. So there's no solution other than compiling an up-to-date one 
>> by hand and that opens up a whole different can of worms regarding 
>> dependencies.
>>
>> When will this be addressed?
>
> Done.

Great, thank you, much appreciated. I see you committed the security 
patch as libxml2-2.6.32_1 but unfortunately the advisory still claims 
that anything <2.7.x is still affected. So ports still complains that 
the port is insecure. Could somebody please change the advisory then?

Right now I still gotta force installation of the updated port with 
DISABLE_VULNERABILITIES=yes :-(

Gunther


More information about the freebsd-gnome mailing list