https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289213
--- Comment #15 from Charlie Li <[email protected]> --- Out of the vulnerabilities recorded in vuxml, only one is directly fixed in libxslt >= 1.1.44. Another, CVEed only because the reporter was using Debian or Ubuntu that shipped even older libxml2 and libxslt, was found to have been fixed in libxml2 since 2.9.10. Yet another is awaiting confirmation from libxslt maintainer that it is fixed in libxml2, backported to 2.14.6. Leaves one that is still open. Due to these disparate statuses, the vuxml entries that were bundled together will need redone. There is no point in creating a port patch and attempting to build it any further than the configure failure until libxml2 can be updated to at least 2.15.1. -- You are receiving this mail because: You are the assignee for the bug.
