https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391
--- Comment #39 from Baptiste Daroussin <[email protected]> --- libxml2 upstream claim they will not embargo anymore any issue, so if there is a CVE it will be public and fixed publically. I don't see any relationship with stop publishing CVE in tools dedicated for audit. so yes we should keep documenting libxml2 or any CVE as soon as they are known. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug.
