From owner-freebsd-security@freebsd.org Mon Dec 17 08:37:16 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C9F2133552D for ; Mon, 17 Dec 2018 08:37:16 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1207F89C9D for ; Mon, 17 Dec 2018 08:37:16 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lj1-x232.google.com with SMTP id 83-v6so10169315ljf.10 for ; Mon, 17 Dec 2018 00:37:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5eGbKppkH7W6EwDSvA4fr0dqbbIKTLXCaolA2D+VMIo=; b=cpSkJjl8ZiMiBt89q0RvdRFmfLbtJvep+Y34qCLRUBXUtgVV9nYRkOLc2GjD7CpkMY PAZieakGdse5+Sv1usmUxS4shMGUh93Dk5mgVzGlQEno11declwVWdxvRNkiDIKH/EoR 7vpiT5eldEjaiSxxKzf0XxPqnsiF+eKc4YStYmu5yudgxkza4FNhvLrRrKZZppjDrv5O 2c35jL16MXiaqhcrGwTvsju/U1l4UWdgL/cBxw9HxSMMVI+k8B/ToAh/3dnfnn4iKVlx v/a8u32kClYk4zlDcSe9b+ErqXIzfcEVDrsCFMq7kD3jb/yV0f/jpO93DcWmqVnh5l+v GQUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5eGbKppkH7W6EwDSvA4fr0dqbbIKTLXCaolA2D+VMIo=; b=K6LKjB8X22YcWAPwYtFkXDuzqZlyTO49tq1B8JF/28sJPTUli8bP9YkpjEFe04BoZh ui98GRKTRbMEkT+JnZgREisJmq6aWh7Hl8LJmLGO0atwrkcH44xxc8GdvR64l+h2xDL8 5BOxunXFIL5vBNyOrY9u65zmlaDwjEgCaeZk29OHcB/W8VFjVlBRmE1ToPNVMV3ErVub erwpILkhVfmocLohJtTAxMRCAT+/Tg405SAF1UFfn/7ijVXXKu6TAx+uDJJ7eDgWGIFi UOrqty7YsID4trkfPheT0rWKBmHsb3yQhTcxIclxVgVkubJH85BZ6iTCBSpLyCi39tVS BFFg== X-Gm-Message-State: AA+aEWZ3jPT4BplWM3UZ+CxUlMKKbHqgB+qVX/AbgZUfTPu7mBzfxayv 6aZXQamMUv93edqo8+2AtLBC47mQ4BhHlsOXpO0= X-Google-Smtp-Source: AFSGD/VdrmVG9kKgeOvGPQGnBG+fdtnAkfep/06ZtgEbuD70Y1/nfZ/WciKEZUGW5XIjqZnjxQ/YStexM9Rk29qcW4U= X-Received: by 2002:a2e:95c6:: with SMTP id y6-v6mr6754586ljh.59.1545035834536; Mon, 17 Dec 2018 00:37:14 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Robert Simmons Date: Mon, 17 Dec 2018 03:37:02 -0500 Message-ID: Subject: Re: SQLite vulnerability To: Roger Marquis Cc: freebsd-security@freebsd.org X-Rspamd-Queue-Id: 1207F89C9D X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.987,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Dec 2018 08:37:16 -0000 Since you may not read that essay on open source software, here is the salient point for you: - For users: remember when filing an issue, opening a pull request or making a comment on a project to be grateful that people spend their fre= e time to build software you get to use for free. Keep your frustrations a= nd non-actionable negativity to yourself (or at least offline and out of earshot). Don=E2=80=99t expect anyone to fix your issues or help you if = you=E2=80=99re unwilling to dedicate more time to helping yourself than you ask of othe= rs. This means reading all the documentation and trying to resolve your own issues before ever asking for any help. On Sun, Dec 16, 2018, 16:42 Roger Marquis Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all > over the news for a week now. It is patched on all Linux platforms but > has not yet shown up in FreeBSD's vulxml database. Does this mean: > > A) FreeBSD versions prior to 3.26.0 are not vulnerable, or > > B) the ports-secteam is not able to properly maintain the vulnerability > database? > > If the latter perhaps someone from the security team could let us know > how such a significant vulnerability could go unflagged for so long and, > more importantly, what might be done to address the gap in reporting? > > Roger Marquis > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g > " >