Date: Thu, 22 Mar 2018 08:30:42 -0600 From: Adam Weinberger <adamw@adamw.org> To: Yuri Victorovich <yuri@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r465275 - in head/databases/sqlite3: . files Message-ID: <1F60050C-2237-4791-8CD0-4C03C793F219@adamw.org> In-Reply-To: <201803220852.w2M8qwBX047215@repo.freebsd.org> References: <201803220852.w2M8qwBX047215@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 22 Mar, 2018, at 2:52, Yuri Victorovich <yuri@FreeBSD.org> wrote: > > Author: yuri > Date: Thu Mar 22 08:52:58 2018 > New Revision: 465275 > URL: https://svnweb.freebsd.org/changeset/ports/465275 > > Log: > databases/sqlite3: Patch for CVE-2018-8740 > > Detect databases whose schema is corrupted using > a CREATE TABLE AS statement and issue an appropriate error message. > > CVE-2018-8740 will be entered into VuXML when SQLite will make > a release, because CVE-2018-8740 says that versions up to and including > the current version 3.22.0 are vulnerable. > > Submitted by: Pavel Volkov <pavelivolkov@gmail.com> (maintainer) > Reported by: tj <tj@mrsk.me> Hi Yuri, To be on the safe side, it might be better to create a VuXML entry now, and set it to <lt>3.22.0_1</lt>. It’d make sure people upgrade right away. Also this needs an MFH, no? # Adam -- Adam Weinberger adamw@adamw.org http://www.adamw.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1F60050C-2237-4791-8CD0-4C03C793F219>