FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-21 20:49:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b0a3466f-5efc-11f0-ae84-99047d0a6bcc	libxslt -- unmaintained, with multiple unfixed vulnerabilities Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt 2 of the 3 have now been disclosed: (CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 https://project-zero.issues.chromium.org/issues/409761909 (CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://project-zero.issues.chromium.org/issues/410569369 Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt. Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt Discovery 2025-04-10 Entry 2025-07-12 libxslt < 2 linux-c7-libxslt < 2 linux-rl9-libxslt < 2 CVE-2025-7424 CVE-2025-7425 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988

VuXML ID

Description

b0a3466f-5efc-11f0-ae84-99047d0a6bcc

libxslt -- unmaintained, with multiple unfixed vulnerabilities

Alan Coopersmith reports:

On 6/16/25 15:12, Alan Coopersmith wrote:

BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

2 of the 3 have now been disclosed:

(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes

https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 https://project-zero.issues.chromium.org/issues/409761909

(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

https://project-zero.issues.chromium.org/issues/410569369

Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt.

Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

Discovery 2025-04-10
Entry 2025-07-12
libxslt

< 2

linux-c7-libxslt

< 2

linux-rl9-libxslt

< 2

CVE-2025-7424
CVE-2025-7425
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt
https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988