mail/mutt: Update to version 2.3.1
This is a bug-fix release, fixing a compilation error when configured
--without-wc-funcs, and a potential bug in the folder browser.
pkg-vulnerabilities: add last days CVEs
+ ImageMagick{,6},
binutils (no reference to upstream, recheck if fixed once upstream bug
reports /information are available),
cpp-httplib, expat, ffmpeg,
giflib (no upstream information, assume not fixed),
glpi, gpac, gst-plugins1-{good,bad,ugly},
htslib,
inetutils (no stable release with fixes),
jenkins,
libarchive (not fixed, possible PR under review),
libexif (fixed upstream, no stable release with fix),
libsoup (some not fixed),
mongo-c-driver, mongodb, mumble,
ncurses (under discussion, double-check later, assume valid and not fixed),
nghttp2, p5-XML-Parser, p5-YAML-Syck, py-Glances, py-OpenSSL, py-asn1,
py-authlib, py-simpleeval,
python (no stable releases with the fix),
radare2, samtools, wolfssl, xpdf
pkgsrc/pkgtools/depgraph: update depgraph to 20260319 to fix a portability
bug in the shell function finding paths for executables. No more confusing
messages on Mac/Darwin now.
p5-XML-Parser: update to 2.48.
Security fix release.
2.48 2026-03-18 (by Todd Rinaldo)
Fixes:
- GH #39 Fix off-by-one heap buffer overflow in st_serial_stack growth check (CVE-2006-10003)
- GH #64 Fix buffer overflow in parse_stream when filehandle has :utf8 layer (CVE-2006-10002)
- GH #27 Prevent symbol table auto-vivification in Expat::parse
- GH #30 Set UTF-8 flag on sysid in ExternEnt handler and fix Debug style for non-ASCII chars
- GH #36 Prevent position overflow for large files in line/column/error paths
- GH #41 Fix xml_escape to escape all occurrences of quote characters
- GH #44 Fix lexical filehandle handling in ExternEnt handler return values
- GH #45 Clean up compiler warnings in Expat.xs
- GH #47 Fix routing of character data after root element to Char handler
- GH #48 Fix current_byte overflow for large XML files on 32-bit perl
- GH #50 Propagate xpcroak errors in Subs style instead of swallowing them
- GH #53 Fix parameter entity references in internal DTD subset breaking handler dispatch
[51 lines not shown]