https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261285
Xin LI <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Affects Only Me |Affects Many People CC| |[email protected], | |[email protected] --- Comment #1 from Xin LI <[email protected]> --- For portmgr -- The two versions (2.4.2 and 2.4.3) are ABI and API compatible. Code diff can be reviewed here: https://github.com/libexpat/libexpat/compare/R_2_4_2...R_2_4_3 I've replaced my own desktop's expat2 with an independently created and almost identical patch and didn't observed any issue (as expected). Note that unlike the base system bundled expat2 (libbsdxml) which processes mostly trusted data (GEOM, libmt were from kernel; the exception was unbound-anchor, but that was signed data), vulnerabilities in port expat2 could be a greater threat. -- You are receiving this mail because: You are on the CC list for the bug.
