Possible error in FreeBSD's VuXML data

Reply: Wall, Stephen: "RE: Possible error in FreeBSD's VuXML data"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Wall, Stephen <stephen.wall_at_redcom.com>
Date: Tue, 26 Aug 2025 20:10:01 UTC

This vulnerability:

sqlite is vulnerable:
  Affected versions:
  < 3.49.1
  sqlite -- integer overflow
  CVE: CVE-2025-29087
  WWW: https://vuxml.FreeBSD.org/freebsd/409206f6-25e6-11f0-9360-b42e991fc52e.html

Is not listed by `pkg audit` on a system with sqlite3- 3.46.1_1,1 installed.  If I run `pkg audit sqlite` it is shown, but not if I run `pkg audit sqlite3`.  I therefore believe it is tagged incorrectly.  AFAICT, there is no sqlite package, just sqlite2 and sqlite3.

--
Stephen Wall
Senior Staff Software Engineer
585.924.7550
[cid:image001.png@01DC16A3.CDAC6560]
REDCOM Laboratories, Inc.<https://www.redcom.com/>
Research, Engineering, & Development in Communications
One Redcom Center, Victor, NY 14564-0995