As far as I can tell, this was fixed with <https://cgit.freebsd.org/ports/commit/?id=2bf3900fc8bfca9c896d6d844e336663a40fbfa9>, however there's no sign of a former vulnerability at <https://www.freshports.org/devel/re2c/>.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1e6f41078eae790b4bf937e6a78c2f4c74bdda24 commit 1e6f41078eae790b4bf937e6a78c2f4c74bdda24 Author: Nuno Teixeira <eduardo@FreeBSD.org> AuthorDate: 2023-01-25 08:11:56 +0000 Commit: Nuno Teixeira <eduardo@FreeBSD.org> CommitDate: 2023-01-25 08:11:56 +0000 security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0 PR: 269147 Reported by: grahamperrin security/vuxml/vuln/2023.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
Committed, thanks!