Project

General

Profile

Actions
Copy link

Feature #16424

closed

Missing CVE fixes for pfsense supplied Suricata binary

Added by Alexander Lindqvist 21 days ago. Updated 16 days ago.

Status:
Resolved
Priority:
Very High
Assignee:
Brad Davis
Category:
Suricata
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.07.1

Description

PfSense supplied suricata binary 7.0.8 is now 3 versions behind current 7.0.11. Why isn't the pfsense supplied version following Suricata releases more closely?

We are currently missing fixes for the following CVE's.
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
CVE-2025-53537: HIGH
CVE-2025-53538: HIGH

Actions
Copy link
 #1

Updated by Kris Phillips 19 days ago

  • Status changed from New to Confirmed
  • Priority changed from High to Very High

I can confirm the package version is behind.

Freshports has 7.0.11_1 available upstream: https://www.freshports.org/security/suricata/

Actions
Copy link
 #2

Updated by Brad Davis 16 days ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Brad Davis
  • % Done changed from 0 to 100
  • Plus Target Version set to 25.07.1

Cherry-picked back and published

Actions
Copy link

Also available in: Atom PDF