git: bc49b2190bef - main - security/vuxml: Add dns/dnsdist vulnerability < 2.0.1

From: Florian Smeets <flo_at_FreeBSD.org>
Date: Wed, 24 Sep 2025 18:34:39 UTC 
The branch main has been updated by flo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=bc49b2190bef7ecac2082d1fa666a3ac50f8667a

commit bc49b2190bef7ecac2082d1fa666a3ac50f8667a
Author:     Ralf van der Enden <tremere@cainites.net>
AuthorDate: 2025-09-24 18:28:18 +0000
Commit:     Florian Smeets <flo@FreeBSD.org>
CommitDate: 2025-09-24 18:28:18 +0000

    security/vuxml: Add dns/dnsdist vulnerability < 2.0.1
---
 security/vuxml/vuln/2025.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index e8dc18e46c4f..3613b324d543 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,34 @@
+  <vuln vid="c2253bff-9952-11f0-b6e2-6805ca2fa271">
+    <topic>dnsdist -- Denial of service via crafted DoH exchange</topic>
+    <affects>
+      <package>
+	<name>dnsdist</name>
+	<range><lt>2.0.1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>security@open-xchange.com reports:</p>
+	<blockquote cite="https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html">
+	  <p>In some circumstances, when DNSdist is configured to use the nghttp2
+	     library to process incoming DNS over HTTPS queries, an attacker
+	     might be able to cause a denial of service by crafting a DoH exchange
+	     that triggers an unbounded I/O read loop, causing an unexpected
+	     consumption of CPU resources. The offending code was introduced in
+	     DNSdist 1.9.0-alpha1 so previous versions are not affected.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-30187</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30187</url>
+    </references>
+    <dates>
+      <discovery>2025-09-18</discovery>
+      <entry>2025-09-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="57b54de1-85a5-439a-899e-75d19cbdff54">
     <topic>chromium -- multiple security fixes</topic>
     <affects>