On 2025-11-04 04:03, Olle E. Johansson wrote:
>> On 3 Nov 2025, at 19:07, Art Manion <[email protected]> wrote:
>>>> CVEs against dnsmasq (CVE-2025-12198, CVE-2025-12199, CVE-2025-12200)
>>>> and Kamailio (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206, and
>>>> CVE-2025-12207) mentioned in this thread are not yet disputed and have
>>>> no comments of this sort in their descriptions.
>>
>> I asked VulDB to mark the dnsmasq CVE IDs as disputed.

The VulDB CNA decided to reject the dnsmasq CVE IDs.

>>> As part of the Kamailio project I can say that we did just become aware
>>> of these CVEs in your email. They do not make sense. Trying to get to
>>> the report, the config files used to provoke the issue can’t be downloaded.

> We’ve gone back and this was our core developer’s reaction to the mail we got
> earlier to our security address:
>
> "This is clearly spam, imo: vague/generic reporting, no explicit naming
> of Kamailio ... the email was not sent from the vuldb.com server
> but from mc20a2201.dnh.net ([185.46.57.114]) -- I would suggest to not
> click on the links, they might lead to malware, etc...

I understand both sides of this problem. Would it have helped if the VulDB notification included details such as these (from CVE-2025-12207)?

https://shimo.im/docs/vVqRMVMlrycMO63y/read

 - Art
