From owner-freebsd-security@freebsd.org Tue Jun 23 10:04:40 2020 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 14B6F34FE16 for ; Tue, 23 Jun 2020 10:04:40 +0000 (UTC) (envelope-from einar@isnic.is) Received: from aker.isnic.is (aker-syslog.isnic.is [193.4.58.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.isnic.is", Issuer "RapidSSL SHA256 CA - G4" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 49rhhk6P1Gz4JCt for ; Tue, 23 Jun 2020 10:04:38 +0000 (UTC) (envelope-from einar@isnic.is) Received: from sirona.isnic.is (sirona.isnic.is [193.4.58.72]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by aker.isnic.is (Postfix) with ESMTPS id 32EE47590A for ; Tue, 23 Jun 2020 10:04:31 +0000 (GMT) Received: from localhost (localhost.localdomain [127.0.0.1]) by sirona.isnic.is (Postfix) with ESMTP id 2E6CA11775EA for ; Tue, 23 Jun 2020 10:04:31 +0000 (GMT) Received: from sirona.isnic.is ([127.0.0.1]) by localhost (sirona.isnic.is [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2eK_QXzfQAkG for ; Tue, 23 Jun 2020 10:04:31 +0000 (GMT) Received: from sirona.isnic.is (sirona.isnic.is [193.4.58.72]) by sirona.isnic.is (Postfix) with ESMTP id 1B38911775C8 for ; Tue, 23 Jun 2020 10:04:31 +0000 (GMT) Date: Tue, 23 Jun 2020 10:04:31 +0000 (GMT) From: Einar =?utf-8?Q?B=2E_Halld=C3=B3rsson?= To: freebsd-security@freebsd.org Message-ID: <945107541.111081.1592906671063.JavaMail.zimbra@sirona.isnic.is> Subject: Affected packages in vulnxml for sqlite3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [193.4.58.72] X-Mailer: Zimbra 8.8.11_GA_3799 (ZimbraWebClient - FF77 (Linux)/8.8.11_GA_3787) Thread-Index: k6Vb63umNQm+P7IBJbWXvhfV78cz+Q== Thread-Topic: Affected packages in vulnxml for sqlite3 X-Rspamd-Queue-Id: 49rhhk6P1Gz4JCt X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of einar@isnic.is designates 193.4.58.91 as permitted sender) smtp.mailfrom=einar@isnic.is X-Spamd-Result: default: False [-2.40 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.78)[-0.782]; RCVD_COUNT_FIVE(0.00)[5]; HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:193.4.58.0/23]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.80)[-0.804]; DMARC_NA(0.00)[isnic.is]; NEURAL_HAM_SHORT(-0.52)[-0.517]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:1850, ipnet:193.4.58.0/23, country:EU]; RCVD_TLS_LAST(0.00)[] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2020 10:04:40 -0000 Hi, I have a problem where pkg audit doesn't recognize that sqlite3-3.31.1_1,1 is vulnerable to https://vuxml.freebsd.org/freebsd/c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3.html Affected packages includes FreeBSD versions. Is it possible this is in error, or that those version strings don't compare correctly to 12.1-RELEASE-p4? .einar