From owner-svn-ports-all@freebsd.org Thu Mar 22 14:30:54 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 129E2F6C652; Thu, 22 Mar 2018 14:30:54 +0000 (UTC) (envelope-from adamw@adamw.org) Received: from apnoea.adamw.org (apnoea.adamw.org [104.225.5.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "apnoea.adamw.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C4837773A; Thu, 22 Mar 2018 14:30:53 +0000 (UTC) (envelope-from adamw@adamw.org) Received: by apnoea.adamw.org (OpenSMTPD) with ESMTPSA id 580304b6 TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO; Thu, 22 Mar 2018 08:30:44 -0600 (MDT) Content-Type: text/plain; charset=utf-8; delsp=yes; format=flowed Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: svn commit: r465275 - in head/databases/sqlite3: . files From: Adam Weinberger In-Reply-To: <201803220852.w2M8qwBX047215@repo.freebsd.org> Date: Thu, 22 Mar 2018 08:30:42 -0600 Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Content-Transfer-Encoding: 8bit Message-Id: <1F60050C-2237-4791-8CD0-4C03C793F219@adamw.org> References: <201803220852.w2M8qwBX047215@repo.freebsd.org> To: Yuri Victorovich X-Mailer: Apple Mail (2.3445.5.20) X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2018 14:30:54 -0000 > On 22 Mar, 2018, at 2:52, Yuri Victorovich wrote: > > Author: yuri > Date: Thu Mar 22 08:52:58 2018 > New Revision: 465275 > URL: https://svnweb.freebsd.org/changeset/ports/465275 > > Log: > databases/sqlite3: Patch for CVE-2018-8740 > > Detect databases whose schema is corrupted using > a CREATE TABLE AS statement and issue an appropriate error message. > > CVE-2018-8740 will be entered into VuXML when SQLite will make > a release, because CVE-2018-8740 says that versions up to and including > the current version 3.22.0 are vulnerable. > > Submitted by: Pavel Volkov (maintainer) > Reported by: tj Hi Yuri, To be on the safe side, it might be better to create a VuXML entry now, and set it to 3.22.0_1. It’d make sure people upgrade right away. Also this needs an MFH, no? # Adam -- Adam Weinberger adamw@adamw.org http://www.adamw.org