author Fernando Apesteguía <fernape@FreeBSD.org> 2026-03-02 18:02:02 +0000
committer Fernando Apesteguía <fernape@FreeBSD.org> 2026-03-02 18:02:02 +0000
commit 6c8efa3663aa773791c829284b77f5155d52019b (patch)
tree 8e91c8421758f480b47084bfe991b9681dcf8a0c
parent 7170ba86eca257bf0cca988dfbbd4b9a5dd3617f (diff)
security/vuxml: Amend sqlite entry

Fix vulnerable version range for sqlite-based ports (CVE-2025-7709)

PR: 292617
Reported by: jcfyecrayz@liamekaens.com (maintainer)
Reviewed by: fluffy@
-rw-r--r-- security/vuxml/vuln/2025.xml 16
1 files changed, 10 insertions, 6 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index a6743661c5e4..95d2ed197cf4 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -3138,15 +3138,19 @@ This issue has been patched in version 2.25.2.</p>
<affects>
<package>
<name>sqlite3</name>
- <range><ge>3.49.1,1</ge><lt>3.50.3,1</lt></range>
- </package>
- <package>
- <name>linux_base-rl9</name>
- <range><ge>0</ge></range> <!-- unknown and unrelated fixes might make this disappear, so set >= 0 instead of <= 9.6_1 to err on the safe side -->
+ <range><ge>3.43.0,1</ge><lt>3.50.3,1</lt></range>
</package>
+ <!-- sqlite in -c7 is 3.7.17 and -rl9 is 3.34.1 (both with
+ patches from RedHat). Neither has the vulnerable code
+ that is related to CVE-2025-7709. Neither is in the
+ [3.43.0-3.50.3) range. Furthermore RedHat has said no
+ supported product is affected:
+ https://access.redhat.com/security/cve/cve-2025-7709
+ Although -c7 is no longer supported by RedHat, it is not
+ vulnerable to CVE-2025-7709. -->
<package>
<name>linux-c7-sqlite</name>
- <range><lt>3.50.3</lt></range>
+ <range><lt>3.43.0</lt></range>
</package>
</affects>
<description>
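Review bot: the linux-c7-sqlite entry at the end of the hunk now reads `<range><lt>3.43.0</lt></range>`, which marks every version below 3.43.0 as affected, including the 3.7.17 that the comment added directly above it says is not vulnerable. If only [3.43.0, 3.50.3) carries the vulnerable code, bound the range on both sides, as in `<range><ge>3.43.0</ge><lt>3.50.3</lt></range>`, or drop the linux-c7-sqlite package block the way linux_base-rl9 was dropped. As written, the comment and the range disagree, and a c7 install would still be flagged for CVE-2025-7709. The sqlite3 range also carries a `,1` epoch suffix while the linux-c7-sqlite range does not, so please confirm that difference is intended.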