Our textproc/libxml2 in ports is at 2.9.4.

On Sep 4, 2.9.5 was released with some security fixes, from http://xmlsoft.org/news.html:

Security:
  Detect infinite recursion in parameter entities (Nick Wellnhofer),
  Fix handling of parameter-entity references (Nick Wellnhofer),
  Disallow namespace nodes in XPointer ranges (Nick Wellnhofer),
  Fix XPointer paths beginning with range-to (Nick Wellnhofer)

On Oct 6, 2.9.6 was released with some more fixes. Since libxml2 may parse untrusted input, a port update would be very welcome.

A commit references this bug:

Author: swills
Date: Wed Dec 13 14:46:45 UTC 2017
New revision: 456210
URL: https://svnweb.freebsd.org/changeset/ports/456210

Log:
  textproc/libxml2: update to 2.9.7

  PR: 222893
  PR: 224189
  Reported by: Walter Hop <walter@lifeforms.nl>
  Approved by: gnome@ (kwm)
  Exp-run by: antoine
  MFH: 2017Q4
  Security: 76e59f55-4f7a-4887-bcb0-11604004163a

Changes:
  head/textproc/libxml2/Makefile
  head/textproc/libxml2/distinfo
  head/textproc/libxml2/files/patch-d8083bf

A commit references this bug:

Author: swills
Date: Wed Dec 13 14:48:17 UTC 2017
New revision: 456211
URL: https://svnweb.freebsd.org/changeset/ports/456211

Log:
  MFH: r456210

  textproc/libxml2: update to 2.9.7

  PR: 222893
  PR: 224189
  Reported by: Walter Hop <walter@lifeforms.nl>
  Approved by: gnome@ (kwm)
  Exp-run by: antoine
  Security: 76e59f55-4f7a-4887-bcb0-11604004163a

  Approved by: ports-secteam (implicit)

Changes:
  _U branches/2017Q4/
  branches/2017Q4/textproc/libxml2/Makefile
  branches/2017Q4/textproc/libxml2/distinfo
  branches/2017Q4/textproc/libxml2/files/patch-d8083bf

Updated and merged to quarterly, thanks for the heads up.