git: f09b5d0669dd - main - security/vuxml: Add SQLite vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 28 Oct 2025 16:40:18 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=f09b5d0669ddceae606011d050163ce3bf698c79
commit f09b5d0669ddceae606011d050163ce3bf698c79
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-10-28 16:39:25 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-10-28 16:40:10 +0000
security/vuxml: Add SQLite vulnerability
* CVE-2025-52099
---
security/vuxml/vuln/2025.xml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 9189027f9ff4..5822d015dffc 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,39 @@
+ <vuln vid="2cd61f76-b41b-11f0-bf21-b42e991fc52e">
+ <topic>SQLite -- Integer Overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>sqlite</name>
+ <range><lt>3.50.1</lt></range>
+ </package>
+ <package>
+ <name>linux_base-rl9-9.6</name>
+ <range><le>9.6_1</le></range>
+ </package>
+ <package>
+ <name>linux-c7-sqlite</name>
+ <range><lt>3.50.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>http://sqlite3.com reports:</p>
+ <blockquote cite="http://sqlite3.com">
+ <p>Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0
+ allows a remote attacker to cause a denial of service via
+ the setupLookaside function</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-52099</cvename>
+ <url>https://cveawg.mitre.org/api/cve/CVE-2025-52099</url>
+ </references>
+ <dates>
+ <discovery>2025-10-24</discovery>
+ <entry>2025-10-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="a8dacd4b-b416-11f0-9f23-ecf4bbefc954">
<topic>privatebin - Missing HTML sanitisation of attached filename in file size hint enabling persistent XSS</topic>
<affects>