Date:      Sun, 16 Dec 2018 08:13:59 -0800 (PST)
From:      Roger Marquis <marquis@roble.com>
To:        freebsd-security@freebsd.org
Cc:        ports-secteam@FreeBSD.org
Subject:   SQLite vulnerability
Message-ID:  <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>

Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
over the news for a week now.  It is patched on all Linux platforms but
has not yet shown up in FreeBSD's vuxml database.  Does this mean:

  A) FreeBSD versions prior to 3.26.0 are not vulnerable, or

  B) the ports-secteam is not able to properly maintain the vulnerability
  database?

If the latter, perhaps someone from the security team could let us know
how such a significant vulnerability could go unflagged for so long and,
more importantly, what might be done to address the gap in reporting?

Roger Marquis


