FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-08-08 01:24:40 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
a96cd659-303e-11f0-94b5-54ee755069b5 | libxslt -- multiple vulnerabilities

[CVE-2024-55549] Fix UAF related to excluded namespaces

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

[CVE-2025-24855] Fix use-after-free of XPath context node

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.


Discovery 2025-03-13
Entry 2025-05-13
libxslt < 1.1.43

CVE-2024-55549
CVE-2025-24855
https://nvd.nist.gov/vuln/detail/CVE-2024-55549
https://nvd.nist.gov/vuln/detail/CVE-2025-24855
b0a3466f-5efc-11f0-ae84-99047d0a6bcc | libxslt -- unmaintained, with multiple unfixed vulnerabilities

Alan Coopersmith reports:

On 6/16/25 15:12, Alan Coopersmith wrote:

BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

2 of the 3 have now been disclosed:

(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes

https://gitlab.gnome.org/GNOME/libxslt/-/issues/139

https://project-zero.issues.chromium.org/issues/409761909

(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

https://project-zero.issues.chromium.org/issues/410569369

Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt.

Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt


Discovery 2025-04-10
Entry 2025-07-12
libxslt < 2
linux-c7-libxslt < 2
linux-rl9-libxslt < 2

CVE-2025-7424
CVE-2025-7425
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt
https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988