https://www.vuxml.org/freebsd/c41bedfd-b3f9-11e7-ac58-b499baebfeaf.html It marks mariadb101-server < 10.1.29 vulnerable, but mentioned CVE's are fixed in previous versions (and latest version in 10.1 GA line ist .28). Some of them just didn't exist in MariaDB line Refer to: https://mariadb.com/kb/en/library/security/ https://mariadb.com/kb/en/library/security-vulnerabilities-in-oracle-mysql-that-did-not-exist-in-mariadb/ CVE-2017-10155 - didn't exist CVE-2017-10165 - didn't exist CVE-2017-10167 - didn't exist CVE-2017-10203 - didn't exist CVE-2017-10227 - didn't exist CVE-2017-10268 - applies to 10.0 and 10.2 (not 10.1) CVE-2017-10277 - didn't exist CVE-2017-10279 - didn't exist CVE-2017-10283 - didn't exist CVE-2017-10284 - didn't exist CVE-2017-10286 - fixed in 10.1.26 CVE-2017-10294 - didn't exist CVE-2017-10296 - didn't exist CVE-2017-10311 - didn't exist CVE-2017-10313 - didn't exist CVE-2017-10314 - didn't exist CVE-2017-10320 - applies only do 10.2 CVE-2017-10365 - applies only do 10.2 CVE-2017-10376 - doesn't apply to MySQL/MariaDB CVE-2017-10378 - applies only do 10.2 CVE-2017-10379 - fixed in 10.1.26 CVE-2017-10384 - fixed in 10.1.26
A commit references this bug: Author: brnrd Date: Tue Nov 7 18:42:11 UTC 2017 New revision: 453670 URL: https://svnweb.freebsd.org/changeset/ports/453670 Log: security/vuxml: Fix MySQL 10.1 vulnerable version PR: 223482 Reported by: Marcin Gryszkalis <mg fork pl> Changes: head/security/vuxml/vuln.xml
Thanks for reporting! These vuxml entries remain problematic due to the mix of versions. They're combined to not inflate the number of entries.