Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Dec 2018 03:37:02 -0500
From:      Robert Simmons <rsimmons0@gmail.com>
To:        Roger Marquis <marquis@roble.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: SQLite vulnerability
Message-ID:  <CA%2BQLa9D4vC7ZOEHV0zPMzAE_dubM9msdaW_Ag-igJe7aubD2oA@mail.gmail.com>
In-Reply-To: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
References:  <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Since you may not read that essay on open source software, here is the
salient point for you:

   - For users: remember when filing an issue, opening a pull request or
   making a comment on a project to be grateful that people spend their fre=
e
   time to build software you get to use for free. Keep your frustrations a=
nd
   non-actionable negativity to yourself (or at least offline and out of
   earshot). Don=E2=80=99t expect anyone to fix your issues or help you if =
you=E2=80=99re
   unwilling to dedicate more time to helping yourself than you ask of othe=
rs.
   This means reading all the documentation and trying to resolve your own
   issues before ever asking for any help.


On Sun, Dec 16, 2018, 16:42 Roger Marquis <marquis@roble.com wrote:

> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
> over the news for a week now.  It is patched on all Linux platforms but
> has not yet shown up in FreeBSD's vulxml database.  Does this mean:
>
>   A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
>
>   B) the ports-secteam is not able to properly maintain the vulnerability
>   database?
>
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long and,
> more importantly, what might be done to address the gap in reporting?
>
> Roger Marquis
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or=
g
> "
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9D4vC7ZOEHV0zPMzAE_dubM9msdaW_Ag-igJe7aubD2oA>