I have sent this message to ports-secteam@, but I have not received a
response, and the error hasn't been fixed. There is an error in
vuln/2024.xml, resulting in databases/mysql80-server being incorrectly
marked vulnerable. It also may be leading to databases/mysql81-server
before version 8.1.1 not being marked vulnerable as they should be.
The error is to be with ID 3b018063-4358-11ef-b611-84a93843eb75. The
entry for mysql81-server has been incorrectly entered as
mysql80-server - leading to mysql80-server being marked vulnerable
because the version will always be less than version 8.1.1.
It also leaves the record with duplicate mysql80-server entries, which
could also cause issues.
Required patch -
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index cdd182d0423f..05c3bd25a415 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -273,7 +273,7 @@
<range><lt>8.1.1</lt></range>
</package>
<package>
- <name>mysql80-server</name>
+ <name>mysql81-server</name>
<range><lt>8.1.1</lt></range>
</package>
<package>
See https://www.vuxml.org/freebsd/3b018063-4358-11ef-b611-84a93843eb75.html
