textproc/xmlto and textproc/minixmlto and textproc/libxslt when will the situation improve?

cracauer@ · Sep 4, 2025

Did you contact the port maintainer with this?

I can't judge whether and how this addresses the vulnerability, and the commit itself doesn't say.

covacat · Sep 4, 2025

libxslt (1.1.43-0.1) unstable; urgency=medium

* Non-maintainer upload.
* CVE-2025-7424: libxslt: Type confusion in xmlNode.psvi between
stylesheet and source nodes.

-- Matthias Klose <doko@debian.org> Wed, 13 Aug 2025 11:52:50 +0200
this is in the debian changelog
this is the source of the patch

http://deb.debian.org/debian/pool/main/libx/libxslt/libxslt_1.1.43-0.2.debian.tar.xz

bagas · Sep 4, 2025

The only thing left to do is update port in FreeBSD.

diizzy · Sep 4, 2025

Here's my ports overlay which imports this fix for libxslt and another potential one for libxml2 (see commit log)

GitHub - diizzyy/ports-overlay: FreeBSD ports tree with some ports reworked

FreeBSD ports tree with some ports reworked. Contribute to diizzyy/ports-overlay development by creating an account on GitHub.

github.com

Use at own discretion
There's a crude script if you want to use the ports tree instead ( at /usr/ports ), don't use it unless you understand the implications.

Works for me (tm) and what I use on my boxes

textproc/xmlto and textproc/minixmlto and textproc/libxslt when will the situation improve?

cracauer@

covacat

bagas

diizzy

GitHub - diizzyy/ports-overlay: FreeBSD ports tree with some ports reworked