
FreeBSD: VID-b0a3466f-5efc-11f0-ae84-99047d0a6bcc (CVE-2025-7425): libxslt -- multiple vulnerabilities

Severity: 6
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published: Jul 12, 2025
Added: Jul 13, 2025
Modified: Jan 27, 2026

Description

Alan Coopersmith reports:

On 6/16/25 15:12, Alan Coopersmith wrote:

BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

2 of the 3 have now been disclosed:

(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes
https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
https://project-zero.issues.chromium.org/issues/409761909

(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
https://project-zero.issues.chromium.org/issues/410569369

Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt.

Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

Iván Chavero reports vs. v1.1.44:

[CVE-2025-11731] Fix: End function node ancestor search at document

Solutions

freebsd-upgrade-package-libxslt
freebsd-upgrade-package-linux-c7-libxslt
freebsd-upgrade-package-linux-rl9-libxslt