mail/mutt: Update to version 2.3.1
This is a bug-fix release, fixing a compilation error when configured
--without-wc-funcs, and a potential bug in the folder browser.
pkg-vulnerabilities: add last days CVEs
+ ImageMagick{,6},
binutils (no reference to upstream, recheck if fixed once upstream bug
reports /information are available),
cpp-httplib, expat, ffmpeg,
giflib (no upstream information, assume not fixed),
glpi, gpac, gst-plugins1-{good,bad,ugly},
htslib,
inetutils (no stable release with fixes),
jenkins,
libarchive (not fixed, possible PR under review),
libexif (fixed upstream, no stable release with fix),
libsoup (some not fixed),
mongo-c-driver, mongodb, mumble,
ncurses (under discussion, double-check later, assume valid and not fixed),
nghttp2, p5-XML-Parser, p5-YAML-Syck, py-Glances, py-OpenSSL, py-asn1,
py-authlib, py-simpleeval,
python (no stable releases with the fix),
radare2, samtools, wolfssl, xpdf
pkgsrc/pkgtools/depgraph: update depgraph to 20260319 to fix a portability
bug in the shell function finding paths for executables. No more confusing
messages on Mac/Darwin now.
p5-XML-Parser: update to 2.48.
Security fix release.
2.48 2026-03-18 (by Todd Rinaldo)
Fixes:
- GH #39 Fix off-by-one heap buffer overflow in st_serial_stack growth check (CVE-2006-10003)
- GH #64 Fix buffer overflow in parse_stream when filehandle has :utf8 layer (CVE-2006-10002)
- GH #27 Prevent symbol table auto-vivification in Expat::parse
- GH #30 Set UTF-8 flag on sysid in ExternEnt handler and fix Debug style for non-ASCII chars
- GH #36 Prevent position overflow for large files in line/column/error paths
- GH #41 Fix xml_escape to escape all occurrences of quote characters
- GH #44 Fix lexical filehandle handling in ExternEnt handler return values
- GH #45 Clean up compiler warnings in Expat.xs
- GH #47 Fix routing of character data after root element to Char handler
- GH #48 Fix current_byte overflow for large XML files on 32-bit perl
- GH #50 Propagate xpcroak errors in Subs style instead of swallowing them
- GH #53 Fix parameter entity references in internal DTD subset breaking handler dispatch
[51 lines not shown]
www/firefox: Update to 148.0.2
Changelog:
148.0.2:
Fixed
* Fixed an issue where searches entered in the Firefox Home search field were
incorrectly redirected to the address bar for some users who had disabled
search handoff behavior via advanced settings. (Bug 2017049)
* Fixed an issue where some web-based rich text editors stopped applying
formatting, such as bold or italic. (Bug 2020927)
* Fixed an issue where videos could autoplay unexpectedly on YouTube despite
autoplay being blocked, particularly impacting screen reader users. (Bug
2020233)
* Fixed an issue that caused some absolutely positioned elements meant to be
centered, for example, using margin: auto with inset: 0, to appear
[17 lines not shown]
