https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391
Daniel Engberg <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Daniel Engberg <[email protected]> --- As someone who has been trying to push a version that is supported upstream I'm not too fond of this idea. 2.11 branch is dead and unsupported upstream, there have been many changes to internal code between 2.11 - 2.14 so I would suggest that further investigation needs to be done to ensure that functionality is retained as intended and there are more CVEs but I didn't list all in VuXML. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libxml2 These are new and fixes have been committed upstream https://gitlab.gnome.org/GNOME/libxml2/-/issues/932 https://gitlab.gnome.org/GNOME/libxml2/-/issues/931 https://gitlab.gnome.org/GNOME/libxml2/-/issues/933 We do have a pretty much final version (PR 279705) however there are a few fallouts left. In case you're wondering about why there are two versions, the CMake version has been used for testing pretty much the whole time including fixing PRs except for the last exp-run (which is pretty much identical the previous one). The current also includes upstream commits (various bug fixes etc) which are to be included in next release for 2.14 branch which the other version lacks. Charlie is only one blocking it (so if you want to get it going I'd suggest you ask portmgr for a final decision, futher testing as it has recieved a lot less testing and evaluation) if we are go that route. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.
