From nobody Wed Aug 27 17:00:21 2025 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cBrPf11Q1z65Jy8; Wed, 27 Aug 2025 17:00:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cBrPd70ZDz3g82; Wed, 27 Aug 2025 17:00:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756314022; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/IeTxj2f2o3m+kob2gGIBFSsKoGGxuEkHELGB58kAxo=; b=Gow9tIDiwJBGfjaeuI4q2ZFrIUD6MCqpD57/BDPN79vZ6bSW5UTiBzHqt7Ti8miQPH8MpR +E7WCRgfkbbcz5J0IRUQBwH1tvSRBq2rK3ZcBgHS63gotcr22ucS0LVxdsHfvNZmjgiGOd nEkl9jywkX1xCreBBNyNsO42k/XR+q7B/IIQEWPhq9o4b3quR0YcmbfqeGZ07SLrlOIzYW upaV6qG96WkHUUJkxy15JfkMzsPMnw9znNXUzqE4M6knt5PjhFU72H4WvOfVlXOdxHC4fd vJNWniijWCvTxu5OOH8GDsH6QC2t900YXRPq4gFn8np6O/VIUMsmT61fddPgCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756314022; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/IeTxj2f2o3m+kob2gGIBFSsKoGGxuEkHELGB58kAxo=; b=f+mxuJUj2d5Q5Yk11UA4N+ZIWhAd+O6yBM6q7hboWks5KTcJ9Lf/2jQT5J6oyTkXdcmqAF ZbcIVtShFBl1E+7l3Wh5KHUg7Zt4h9jcWV6JHL2PR7nj3Uy8HJDdJeDtH5rHAoN7LdujgZ qBfaoOhot8hYWT4GSK7qJWdgTg0Te+P3b8ypLQw4PkOzp1nlM+XWt/nfuhiGmwQbkGdFFb 6AIOOHyIWZRj9IF/G55vkxZYfkN4IFO7iPky3ksnD0Hk0hMRCltvs7NEIXRmrI6YY0gSeE fRe1BoJS9y+QDcF7CmC2TmsF8jO7ezH+Um7qLC9HT7XxB6WiBkrJlWc5w4ybrQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756314022; a=rsa-sha256; cv=none; b=q1bV15nnbodkmAis7U+U6Cl0fHXemFxl4vCzHn3mzIfFRELwt7MR8a+O2s1PhaPCOzkpLn SdUB6lTAv4U/VOjog4uEm1x0Xn5boxnItgSJbxItBeErDCV/+hbEuQ9Y3z4p4WVEhDn/1x R0FOKnEW4LO9bTusccFGt505359vL0p2OLjxTLjpTVP0F1FujYOIYd7c6Au3ew3Qm6uzjZ BwxuiiBsSLpWyNscpwiu/D6pULpJLjouGXna2M+akVXK4yGxGp8QXGlQ3LuWeZKQAbwAMK 9CYBMxSTeanb/11PWISSDSiz3qzFDKAnogA9qAUr2G9R5j//djEmCG8lVYuk9w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cBrPd6MxlzWtD; Wed, 27 Aug 2025 17:00:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57RH0LLl069136; Wed, 27 Aug 2025 17:00:21 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57RH0LCC069133; Wed, 27 Aug 2025 17:00:21 GMT (envelope-from git) Date: Wed, 27 Aug 2025 17:00:21 GMT Message-Id: <202508271700.57RH0LCC069133@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Fernando =?utf-8?Q?Apestegu=C3=ADa?= Subject: git: 0b5abbbf089b - main - security/vuxml: Add SQLite vulnerability List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fernape X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0b5abbbf089bddb2e0e75c2eb8235a565d85dfcd Auto-Submitted: auto-generated The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=0b5abbbf089bddb2e0e75c2eb8235a565d85dfcd commit 0b5abbbf089bddb2e0e75c2eb8235a565d85dfcd Author: Fernando ApesteguĂ­a AuthorDate: 2025-08-27 16:59:39 +0000 Commit: Fernando ApesteguĂ­a CommitDate: 2025-08-27 17:00:06 +0000 security/vuxml: Add SQLite vulnerability * CVE-2025-29088 --- security/vuxml/vuln/2025.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index acb32c2444fe..e8651b2ce86e 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,41 @@ + + SQLite -- application crash + + + sqlite3 + 3.49.1 + + + linux_base-rl9-9.6 + 9.6 + + + linux-c7-sqlite + 3.7.17_2 + + + + +

cve@mitre.org reports:

+
+

In SQLite 3.49.0 before 3.49.1, certain argument values + to sqlite3_db_config (in the C-language API) can cause a + denial of service (application crash). An sz*nBig + multiplication is not cast to a 64-bit integer, and + consequently some memory allocations may be incorrect.

+
+ + + + CVE-2025-29088 + https://nvd.nist.gov/vuln/detail/CVE-2025-29088 + + + 2025-04-10 + 2025-08-27 + + + p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness