I have sent this message to ports-secteam@, but I have not received a response, and the error hasn't been fixed. There is an error in vuln/2024.xml, resulting in databases/mysql80-server being incorrectly marked vulnerable. It also may be leading to databases/mysql81-server before version 8.1.1 not being marked vulnerable as they should be.
The error is to do with ID 3b018063-4358-11ef-b611-84a93843eb75. The entry for mysql81-server has been incorrectly entered as mysql80-server - leading to mysql80-server being marked vulnerable because the version will always be less than version 8.1.1. It also leaves the record with duplicate mysql80-server entries, which could also cause issues. Required patch - diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index cdd182d0423f..05c3bd25a415 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -273,7 +273,7 @@ <range><lt>8.1.1</lt></range> </package> <package> - <name>mysql80-server</name> + <name>mysql81-server</name> <range><lt>8.1.1</lt></range> </package> <package> See https://www.vuxml.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html
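Review bot: the single hunk at line 273 changes only the <name> element and leaves the entry's <dates> block untouched. Since this corrects which package an already published entry matches, add or bump <modified> in the same commit so the correction is recorded in the entry itself. Separately, the first context line of the hunk belongs to a preceding <package> that carries the same <range><lt>8.1.1</lt></range>, and its <name> is outside the visible context. Confirm it is not already mysql81-server, otherwise the rename replaces one duplicate with another.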