It seems like CPE_VENDOR should be freedesktop: https://nvd.nist.gov/vuln/detail/CVE-2018-14036
You're absolutely correct. Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=342139b9d761e81233e135055e34cb534783ee30 commit 342139b9d761e81233e135055e34cb534783ee30 Author: Bernhard Froehlich <decke@FreeBSD.org> AuthorDate: 2021-09-08 19:34:09 +0000 Commit: Bernhard Froehlich <decke@FreeBSD.org> CommitDate: 2021-09-08 19:37:06 +0000 sysutils/accountsservice: Fix CPE_VENDOR PR: 256111 Submitted by: 0mp Approved by: portmgr (blanket) sysutils/accountsservice/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)