Please bump to 2.7.7 (see https://vuxml.freebsd.org/freebsd/791841a3-d484-4878-8909-92ef9ce424f4.html).
What's going on that a port with several vulnerabilities is not being updated?
Is anybody doing any work to bump patch to 2.7.7? It's already more than half a year passed.
A commit references this bug:
Date: Thu Nov 7 11:35:36 UTC 2019
New revision: 516964
- Pull in security patches from Debian while upstream still CBA
to release a new version after almost a year since those bugs
and vulnerabilities had been reported
- Hook the test suite, which unfortunately requires bash(1), to
- Chase redirection in the WWW line of the port description
Version 2.7.7 had not been released yet, I've pulled security patches from Debian for the moment: ports r516964.
- Assign to committer that resolved
- VuXML entry added in ports r516965 adjusted in ports r516965
- Re-open pending MFH request (security fix)
2020Q1 was branched in r521721, so MFC happened automatically.