Solved PKG libxslt is vulnerable

Hi

I have a vulnerable message on my system, but haven't received an update to the fixed version 1.1.33:
Code:
# pkg audit
libxslt-1.1.32_1 is vulnerable:
libxslt -- security framework bypass
WWW: https://vuxml.FreeBSD.org/freebsd/93167bef-9752-11e9-b61c-b885849ded8e.html

1 problem(s) in 1 installed package(s) found.

I see in the ports there is version 1.1.33 available but with pkg only the old version.
This is the same on different releases:
- 11.2
- 11.3
- 12.0
 
Are you using the quarterly packages? It looks like this update wasn't imported on the quarterly branches. Because this is a security update it should have.
 
Hmm didn't know that there are two pkg branches.
I've changed it to latest and then the fixed update is available.

Thanks!
 
-RELEASE versions use the quarterly branch by default. The quarterly branch is updated once every 3 months and only receives security updates during that 3 month period. So this issue should have been imported on the quarterly branch.

The latest package branch follows the ports tree with some lag, it obviously takes some time to build ~38.000 packages for several supported FreeBSD versions and architectures.
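
As an added example (not part of the thread), a shell sketch of the check and the change discussed above: `repo_branches` reports which branch each repository in `pkg -vv`-style output tracks, and `write_latest_override` writes the override file that moves the stock `FreeBSD` repository to latest. The function names and the sample output are constructed for illustration; it assumes the standard override directory /usr/local/etc/pkg/repos.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# sample `pkg -vv` text is constructed.

# Constructed sample of the "Repositories:" section printed by `pkg -vv`.
sample_pkg_vv() {
    cat <<'EOF'
Repositories:
  FreeBSD: {
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : yes,
    priority        : 0
  }
EOF
}

# Read `pkg -vv`-style text on stdin; print "<repo> <branch>" per repository.
repo_branches() {
    awk '
        /^[ \t]*[A-Za-z0-9_.-]+:[ \t]*[{]/ { name = $1; sub(/:.*/, "", name) }
        /^[ \t]*url[ \t]*:/ {
            n = split($0, parts, "/")      # branch is the last URL component
            branch = parts[n]
            gsub(/[", \t]/, "", branch)    # drop quote, comma, whitespace
            print name, branch
        }'
}

# Write an override that points the stock "FreeBSD" repository at latest.
# $1 = repos directory; on a real host this is /usr/local/etc/pkg/repos.
write_latest_override() {
    mkdir -p "$1" &&
    cat > "$1/FreeBSD.conf" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest"
}
EOF
}

# Demo on the constructed sample. On a FreeBSD host:
#   pkg -vv | repo_branches
#   write_latest_override /usr/local/etc/pkg/repos
#   pkg update -f && pkg upgrade && pkg audit -F
sample_pkg_vv | repo_branches
```

The override only replaces the `url` key; the signature and mirror settings from the stock /etc/pkg/FreeBSD.conf stay in effect.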
 