From: Volker Schlecht <openbsd-ports@schlecht.dev>
Subject: Re: Patch to fix CVE-2025-53367 in graphics/djvulibre
To: ports@openbsd.org
Date: Sat, 18 Apr 2026 14:00:53 +0200

On 4/18/26 11:43 AM, Stuart Henderson wrote:
> On 2026/04/17 21:33, Volker Schlecht wrote:
>> FWIW: It's CVE-2025-53367
>>
>> Unbuntu has the best writeup I could find in 2 minutes:
>> https://ubuntu.com/security/CVE-2025-53367
> 
> "This issue has been patched in version 3.5.29."
> 
> I'm not seeing anything that looks particularly worrying in the
> 3.5.28->3.5.29 diff, and there are some other improvements we don't
> have in patches, want to give this a spin?

Had that (sans AUTOCONF_VERSION) in my list of diffs for after release :-)

Yesterday I shied back from confirming that some of the patches fixing
security issues and which still apply, are all covered in 3.5.29