Date:      Mon, 02 Mar 2026 18:03:43 +0000
From:      Fernando Apesteguía <fernape@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 6c8efa3663aa - main - security/vuxml: Amend sqlite entry
Message-ID:  <69a5d0ff.422c4.7c50c6d5@gitrepo.freebsd.org>

The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6c8efa3663aa773791c829284b77f5155d52019b

commit 6c8efa3663aa773791c829284b77f5155d52019b
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2026-03-02 18:02:02 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2026-03-02 18:02:02 +0000

    security/vuxml: Amend sqlite entry
    
    Fix vulnerable version range for sqlite-based ports (CVE-2025-7709)
    
    PR:             292617
    Reported by:    jcfyecrayz@liamekaens.com (maintainer)
    Reviewed by:    fluffy@
---
 security/vuxml/vuln/2025.xml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index a6743661c5e4..95d2ed197cf4 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -3138,15 +3138,19 @@ This issue has been patched in version 2.25.2.</p>
     <affects>
     <package>
 	<name>sqlite3</name>
-	<range><ge>3.49.1,1</ge><lt>3.50.3,1</lt></range>
-    </package>
-      <package>
-	<name>linux_base-rl9</name>
-	<range><ge>0</ge></range> <!-- unknown and unrelated fixes might make this disappear, so set >= 0 instead of <= 9.6_1 to err on the safe side -->
+	<range><ge>3.43.0,1</ge><lt>3.50.3,1</lt></range>
       </package>
+      <!-- sqlite in -c7 is 3.7.17 and -rl9 is 3.34.1 (both with
+	   patches from RedHat).  Neither has the vulnerable code
+	   that is related to CVE-2025-7709.  Neither is in the
+	   [3.43.0-3.50.3) range.  Furthermore RedHat has said no
+	   supported product is affected:
+	   https://access.redhat.com/security/cve/cve-2025-7709
+	   Although -c7 is no longer supported by RedHat, it is not
+	   vulnerable to CVE-2025-7709. -->
       <package>
 	<name>linux-c7-sqlite</name>
-	<range><lt>3.50.3</lt></range>
+	<range><lt>3.43.0</lt></range>
       </package>
     </affects>
     <description>
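
Review bot: The retained linux-c7-sqlite block now reads `<range><lt>3.43.0</lt></range>`, which matches every version below 3.43.0, including the 3.7.17 that the comment added just above it says does not contain the vulnerable code. As written, the entry still reports linux-c7-sqlite as affected by CVE-2025-7709, and it does so for exactly the versions outside the [3.43.0-3.50.3) range the comment cites. If the intent is that -c7 is not vulnerable, drop the whole linux-c7-sqlite `<package>` element, as was done for linux_base-rl9. If the element should stay as a guard against a future update, bound it like the sqlite3 entry with `<ge>3.43.0</ge><lt>3.50.3</lt>`. The explanatory comment would also read better placed next to whichever of the two is chosen, so the range and its rationale cannot drift apart.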