Date: Wed, 29 Oct 2025 09:01:43 +0100 From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernando.apesteguia@gmail.com> To: Kurt Jaeger <pi@freebsd.org> Cc: "Wall, Stephen" <stephen.wall@redcom.com>, FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: Undocumented vulnerabilities in SQLite2 and erlang? Message-ID: <CAGwOe2bZcqdN3V_uvHHnHsgZkn_vKT9zGWbL0r=LqdiuMXwhbA@mail.gmail.com> In-Reply-To: <aQD-yx4e3TeYeRbb@fc.opsec.eu> References: <MW4PR09MB9284244078740D268711AB50EEFDA@MW4PR09MB9284.namprd09.prod.outlook.com> <aQD-yx4e3TeYeRbb@fc.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000009a9ef606424785cc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable El mar, 28 oct 2025, 18:35, Kurt Jaeger <pi@freebsd.org> escribi=C3=B3: > Hi! > > > I=E2=80=99ve recently become aware of CVE-2025-4748 for Erlang < 26.2.5= .13, and > CVE-2025-7709 for SQLite3 < 3.50.3, and do not see these in the > vulnerability database. > > Are these not applicable to FreeBSD=E2=80=99s ports of these packages, = or does > the vuln.xml need to be updated? > > The process to add entries to vuln.xml is not watertight, so I > would guess it needs updates to add those entries. > > Can you provide those entries ? I'll try to have a look at this today > > -- > pi@FreeBSD.org +49 171 3101372 Now what ? > > --0000000000009a9ef606424785cc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"auto"><div><br><br><div class=3D"gmail_quote gmail_quote_contai= ner"><div dir=3D"ltr" class=3D"gmail_attr">El mar, 28 oct 2025, 18:35, Kurt= Jaeger <<a href=3D"mailto:pi@freebsd.org">pi@freebsd.org</a>> escrib= i=C3=B3:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .= 8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br> <br> > I=E2=80=99ve recently become aware of CVE-2025-4748 for Erlang < 26= .2.5.13, and CVE-2025-7709 for SQLite3 < 3.50.3, and do not see these in= the vulnerability database.<br> > Are these not applicable to FreeBSD=E2=80=99s ports of these packages,= or does the vuln.xml need to be updated?<br> <br> The process to add entries to vuln.xml is not watertight, so I<br> would guess it needs updates to add those entries.<br> <br> Can you provide those entries ?</blockquote></div></div><div dir=3D"auto"><= br></div><div dir=3D"auto">I'll try to have a look at this today</div><= div dir=3D"auto"><br></div><div dir=3D"auto"><div class=3D"gmail_quote gmai= l_quote_container"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 = .8ex;border-left:1px #ccc solid;padding-left:1ex"> <br> <br> -- <br> pi@FreeBSD.org=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0+49 171 3101372=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Now what ?<br> <br> </blockquote></div></div></div> --0000000000009a9ef606424785cc--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGwOe2bZcqdN3V_uvHHnHsgZkn_vKT9zGWbL0r=LqdiuMXwhbA>