Date: Mon, 17 Dec 2018 08:44:35 +0000 From: Brooks Davis <brooks@freebsd.org> To: Roger Marquis <marquis@roble.com> Cc: freebsd-security@freebsd.org, ports-secteam@FreeBSD.org Subject: Re: SQLite vulnerability Message-ID: <20181217084435.GC4757@spindle.one-eyed-alien.net> In-Reply-To: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com> References: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Sun, Dec 16, 2018 at 08:13:59AM -0800, Roger Marquis wrote:
> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
> over the news for a week now. It is patched on all Linux platforms but
> has not yet shown up in FreeBSD's vulxml database. Does this mean:
>
> A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
>
> B) the ports-secteam is not able to properly maintain the vulnerability
> database?
>
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long and,
> more importantly, what might be done to address the gap in reporting?
Almost certainly:
C) This vunerability was reported in a random blog post on a Sunday
without any details so people haven't caught up with it yet.
-- Brooks
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
iQEcBAEBAgAGBQJcF2HzAAoJEKzQXbSebgfAvfAIAKFQRE9A2G3nfwVqRjz0ZwzI
cDOXIfm1355TZEBS8lnwoyDpfo30yLHijYqvuAmyEtm+31TLZUCu0gRVxSnNrYgO
xBoMq8p2RUKtMkXporbzPw9/zKA7nmQDmgEzDRgn7O7le0LuwV7aKhMAAitfS30E
w+qMAW9wcMaqc9NaEy+q8c6H/fDwwYKLTKiypWXEaUasX09Ia67gNCDQ72XJ1KT/
Z/kC8iiRPzrFdpjf/yfmX/fCZb2ZJe9+BvNoucVBEkDX5eE3Q+ukf8S7BZsJr5B8
Gpydniiyxo53LQw1P3k5HVFa6qrEkS4Q2q1j4WmN7f9pLnwnnYYkBI4AnM2GMh0=
=Ybhx
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181217084435.GC4757>