libxslt When will version v1.1.45 be available in ports?

Code: 
Now we have 1.1.45 upstream, which happened so it would populate in
GNOME MASTER_SITES. No changes from 1.1.44.
Unfortunately this will have to wait, since libxml2 >= 2.15.1 is now required.
Code: 
Out of the vulnerabilities recorded in vuxml, only one is directly fixed in
libxslt >= 1.1.44. Another, CVEed only because the reporter was using
Debian or Ubuntu that shipped even older libxml2 and libxslt, was found
to have been fixed in libxml2 since 2.9.10. Yet another is awaiting confirmation
from libxslt maintainer that it is fixed in libxml2, backported to 2.14.6.
Leaves one that is still open. Due to these disparate statuses, the vuxml
entries that were bundled together will need redone.

There is no point in creating a port patch and attempting to build it any further
than the configure failure until libxml2 can be updated to at least 2.15.1.
 
I think there's some disturbance in the force libxml2/libxslt landscape (might not be directly related to the question but not likely to be helping):

discourse.gnome.org

Stepping down as libxslt maintainer

I’m stepping down as maintainer of libxslt which means that this project is more or less unmaintained for now. I will continue to maintain libxml2 at least until the end of 2025.
discourse.gnome.org discourse.gnome.org
discourse.gnome.org

Stepping down as libxml2 maintainer

I’m stepping down as maintainer of libxml2 which means that this project is more or less unmaintained for now. I will fix regressions in the 2.15 release until the end of 2025.
discourse.gnome.org discourse.gnome.org
 
You must log in or register to reply here.
Back
Top