From owner-freebsd-questions@freebsd.org Thu Sep 24 00:38:31 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A95A43E3D70 for ; Thu, 24 Sep 2020 00:38:31 +0000 (UTC) (envelope-from dead_line@hotmail.com) Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam08olkn2010.outbound.protection.outlook.com [40.92.45.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BxbkZ301Jz4bSW for ; Thu, 24 Sep 2020 00:38:29 +0000 (UTC) (envelope-from dead_line@hotmail.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FNeCjtB1KUl1aHIr2HOo9zNblWIh7x7vZkI+zCIAdPCZw5pznu79wEvnuUlaPSXdnDq8euj25rKlki4+PAn3rKa0FLh+tBeVWAyahNXvhEJQaa1z8+Cnkh5aobul4VAhWYAK76YhQ+oXxNQdkFW1cApVqlbyr3pdIEOGLWPVRwiK3fRL38M5jN9FLPiomC/qvOCq+hkBgItr+t9jWORI+LcfjPyc94MfCScFluyfaToDBJ81nS9d7cbNgoiQwkhUkvaJWtNZNNQWQ4tjkRT8/NQ4g4zVVl8nP9ulGM+KZjYS1jUSwwaqyfVfarmLuNbUTixxiifuWoOGno71+fGqWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mGUiulv5CjUuQgesQt3yN3DMVX1N2gXS/Q/vSAamG7Q=; b=Mh0MHR/bpLXtFrrMp6pKe7xq3OX3a/Bu1rqMw+wsMwgz7a+iSZLacRmZElJr+INV2Aog8JsXuuQsrt6DSGks9hdKMxUxyVaTFwKdxjHf6DAfAAJFPTEWF2RpREn1ygwx2t1cC6NfBikJCo1OuFYUh/cgL94MSa3fSs4u6kgP+3kNo9SrzzCOUol944r83FAYUNSc1zsM/Y/NMSdsmFYTRT8N7O3mX9P5PhWsiknPTBWNGMfBj1Tgw4CL0wT8knUYweG+huHCcPnnZ8DKH5VhngBEBnRX+PTJvNPKGEowxNQB3pmeWkwDadh1Blff6Gtam5K113Zw0mUBYSG7nQVRkQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mGUiulv5CjUuQgesQt3yN3DMVX1N2gXS/Q/vSAamG7Q=; b=o23uz2Kbw632I1lR46SGhqwCr/9oB6Hv+5xDN8PZJ6fv4fNKQ+rGWHb0j56mHQoAHlgcL1xflGa1rGMslASiRGrR0yT7CrJpwupwj3U/AkdgJl6gegNTIuVPAPhpYAolUZTM9PwN+70YLGEBeQkH6DkcJwN54Gj5vPNkOUoKipAprJoFxqwBz9swU+hDaTklrJ0YGXXpnGKuysNxbZHlB506Sd41CW2davt23Rt/2Bi+14DM84X4agZgghgHHYuRiwIZQrsyxlmZBMCaQ4FlrsksDfbN05NlOMqWoXdzIIO0iSGOdr9cd0DkDYnmdTY1BMxUjnhd2Ur5EKdwwIzrhw== Received: from BN8NAM04FT050.eop-NAM04.prod.protection.outlook.com (2a01:111:e400:7e85::46) by BN8NAM04HT113.eop-NAM04.prod.protection.outlook.com (2a01:111:e400:7e85::144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21; Thu, 24 Sep 2020 00:38:28 +0000 Received: from MWHPR06MB3247.namprd06.prod.outlook.com (2a01:111:e400:7e85::45) by BN8NAM04FT050.mail.protection.outlook.com (2a01:111:e400:7e85::272) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.21 via Frontend Transport; Thu, 24 Sep 2020 00:38:28 +0000 Received: from MWHPR06MB3247.namprd06.prod.outlook.com ([fe80::151c:bf35:d08e:cad6]) by MWHPR06MB3247.namprd06.prod.outlook.com ([fe80::151c:bf35:d08e:cad6%7]) with mapi id 15.20.3391.026; Thu, 24 Sep 2020 00:38:28 +0000 From: Marwan Sultan To: "freebsd-questions@freebsd.org" Subject: libxml2-2.9.10 is vulnerable Thread-Topic: libxml2-2.9.10 is vulnerable Thread-Index: AQHWkgpJbYxkdsR7RkaWfYksj5667Q== Date: Thu, 24 Sep 2020 00:38:28 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:D099C77CCE2C5FE9C1B8A2045060F39D3B1B4FDD61B094FADB47805E1FD990A4; UpperCasedChecksum:C1C8A4A4BF9EFBC4F94A1AD6AF2192721E3EC30E5A30C131B08A00DC1F7CF7DC; SizeAsReceived:6660; Count:42 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [O81rKKO5UQ9tYZ8xuq1fFEc4Sj5I/KIk] x-ms-publictraffictype: Email x-incomingheadercount: 42 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: e2484d15-675c-49e4-afda-08d8602227cb x-ms-traffictypediagnostic: BN8NAM04HT113: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: eOey0/hjvefBMFWaha9bMNCi0cPiFGyOR/qceMivV2esA44cPMzwqF5GoCaKBYDkTmli9il5c6CtZeQIUCqSS4hV1UXI1OOq/59Bawh+PDmzc7Kb24Su7M4RRVYufdtRYkmhIOb1CGdxlu0TZ93Mjr+0ovgazNuLF9deaaQ0JFa9Oi21VW97cVWkL2q5KLPDcPRKPsnwZ93EiieMN1mFshw4a5EHbqXclJPPpsFBSZ1fCV5Vi7B2zFzp8825T9Tx x-ms-exchange-antispam-messagedata: 80sRhs7mpM/dXk+NNz0VBfUlxXS+9t1pS6eh2Sud4wNA1h8JQOgNXDD/6y1fNpaQ6yYjYYA+eywNgkozhOyGRnmOcZiDCdAjVg5NQzWkzQQXgmlH4ZI3RAfV5OZkpTkWmcdJJ2LaBpG0vkN2thd0dA== x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-AuthSource: BN8NAM04FT050.eop-NAM04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: e2484d15-675c-49e4-afda-08d8602227cb X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2020 00:38:28.5110 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8NAM04HT113 X-Rspamd-Queue-Id: 4BxbkZ301Jz4bSW X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hotmail.com header.s=selector1 header.b=o23uz2Kb; dmarc=pass (policy=none) header.from=hotmail.com; spf=pass (mx1.freebsd.org: domain of dead_line@hotmail.com designates 40.92.45.10 as permitted sender) smtp.mailfrom=dead_line@hotmail.com X-Spamd-Result: default: False [-3.69 / 15.00]; FREEMAIL_FROM(0.00)[hotmail.com]; R_SPF_ALLOW(-0.20)[+ip4:40.92.0.0/15]; HFILTER_HELO_IP_A(1.00)[nam04-dm6-obe.outbound.protection.outlook.com]; HFILTER_HELO_NORES_A_OR_MX(0.30)[nam04-dm6-obe.outbound.protection.outlook.com]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[hotmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[hotmail.com,none]; NEURAL_HAM_SHORT(-1.04)[-1.039]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; ASN(0.00)[asn:8075, ipnet:40.80.0.0/12, country:US]; FREEMAIL_ENVFROM(0.00)[hotmail.com]; DWL_DNSWL_NONE(0.00)[hotmail.com:dkim]; NEURAL_HAM_MEDIUM(-0.94)[-0.939]; R_DKIM_ALLOW(-0.20)[hotmail.com:s=selector1]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.02)[-1.016]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[40.92.45.10:from]; TO_DN_EQ_ADDR_ALL(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.92.45.10:from]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Sep 2020 00:38:31 -0000 Good day/evening FreeBSDer Its a fresh server, up to date ports, up to date release. FreeBSD localhost 12.1-RELEASE-p10 FreeBSD 12.1-RELEASE-p10 GENERIC amd64 #portmaster -a =3D=3D=3D>>> Gathering distinfo list for installed ports =3D=3D=3D>>> Starting check of installed ports for available updates =3D=3D=3D>>> All ports are up to date BUT checking the ports # pkg audit -F vulnxml file up-to-date libxml2-2.9.10 is vulnerable: libxml -- multiple vulnerabilities WWW: https://vuxml.FreeBSD.org/freebsd/f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9= .html Kindly, Any idea how to fix this port? Best regards Marwan