Date: Tue, 28 Oct 2025 18:35:07 +0100 From: Kurt Jaeger <pi@freebsd.org> To: "Wall, Stephen" <stephen.wall@redcom.com> Cc: FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: Undocumented vulnerabilities in SQLite2 and erlang? Message-ID: <aQD-yx4e3TeYeRbb@fc.opsec.eu> In-Reply-To: <MW4PR09MB9284244078740D268711AB50EEFDA@MW4PR09MB9284.namprd09.prod.outlook.com> References: <MW4PR09MB9284244078740D268711AB50EEFDA@MW4PR09MB9284.namprd09.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > I’ve recently become aware of CVE-2025-4748 for Erlang < 26.2.5.13, and CVE-2025-7709 for SQLite3 < 3.50.3, and do not see these in the vulnerability database. > Are these not applicable to FreeBSD’s ports of these packages, or does the vuln.xml need to be updated? The process to add entries to vuln.xml is not watertight, so I would guess it needs updates to add those entries. Can you provide those entries ? -- pi@FreeBSD.org +49 171 3101372 Now what ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aQD-yx4e3TeYeRbb>