From owner-freebsd-security@freebsd.org Mon Aug 10 15:18:18 2020 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22E5A3A616B for ; Mon, 10 Aug 2020 15:18:18 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BQKNS5d3vz4Q1H for ; Mon, 10 Aug 2020 15:18:16 +0000 (UTC) (envelope-from gordon@tetlows.org) Received: by mail-pj1-x102f.google.com with SMTP id e4so5223678pjd.0 for ; Mon, 10 Aug 2020 08:18:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=oSHvCCWjYC3lq1G/dX4dwA1iR+9nDFzpRdDWN+gDyZo=; b=Q3CjrSdtNqoaKDgNRTECDOtYf5T1FL0Fx/Q2opUW99her5SIxp6Xe1pOgcPHPu6CL2 TGbwwX65tfacUg+eS4K2bq75pbJrLQ9YN6+8uPPmol3e4lP8fpgaVzlhxvswbRcLdCuR wds7cLkQ+KJ404ed/3N3PDLXQ/JjX3yp+BFNFZ5L7Z041IWBWP6FWLKgDd8cL9tfIlZR eWVB8GXqTzOUaY6bdXqmPbDZTgNsH2S+12SaUsuUwCQTj1lUxIF3Fr+gTnuj6YGhP05H M1P7WAFLGTEWUtZXGzlGmfzgnQ+Tr/MgZCwe5wzH1QpKLjJGVLQnXyPV+1nsGUNy43Ha 7YnQ== X-Gm-Message-State: AOAM531XLRSqTESvZnLbXqVQj/Tbn3GE+hi1RoxbdHJsOwbK46xa+vo7 qmSJ3gfGsT8B/8y4cHvx8dxPyTIyn/ZO X-Google-Smtp-Source: ABdhPJwmXUvozcO3uOF5qDLMilyIFx5O9c1xiwuVSsFs+9TZe1dkPiLadHAYsAtcEd4mUDg241F/CQ== X-Received: by 2002:a17:902:c404:: with SMTP id k4mr9447165plk.234.1597072695088; Mon, 10 Aug 2020 08:18:15 -0700 (PDT) Received: from ?IPv6:2606:6000:ce82:de00:ade1:cc9:44de:2efa? ([2606:6000:ce82:de00:ade1:cc9:44de:2efa]) by smtp.gmail.com with ESMTPSA id s61sm20846214pjb.57.2020.08.10.08.18.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Aug 2020 08:18:13 -0700 (PDT) From: Gordon Tetlow Message-Id: <7B867168-6474-4286-A48D-F35925C9FADB@tetlows.org> Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:22.sqlite Date: Mon, 10 Aug 2020 08:18:09 -0700 In-Reply-To: <0f00291d-e681-9cfc-bdb2-f7635ed81f33@shurik.kiev.ua> Cc: Lukasz via freebsd-security To: Oleksandr Kryvulia References: <20200805175429.DDBF41B725@freefall.freebsd.org> <0f00291d-e681-9cfc-bdb2-f7635ed81f33@shurik.kiev.ua> X-Mailer: Apple Mail (2.3608.120.23.2.1) X-Rspamd-Queue-Id: 4BQKNS5d3vz4Q1H X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.25 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tetlows.org:s=google]; NEURAL_HAM_MEDIUM(-1.06)[-1.062]; FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-0.999]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[tetlows.org:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::102f:from]; NEURAL_HAM_SHORT(-0.69)[-0.692]; DMARC_POLICY_ALLOW(-0.50)[tetlows.org,quarantine]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.33 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Aug 2020 15:18:18 -0000 > On Aug 10, 2020, at 7:21 AM, Oleksandr Kryvulia = wrote: >=20 > 05.08.20 20:54, FreeBSD Security Advisories =D0=BF=D0=B8=D1=88=D0=B5=D1=82= : >> a) Download the relevant patch from the location below, and verify = the >> detached PGP signature using your PGP utility. >>=20 >> [FreeBSD 12.1] >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.12.1.patch.asc >> # gpg --verify sqlite.12.1.patch.asc >>=20 >> [FreeBSD 11.4] >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.11.4.patch.asc >> # gpg --verify sqlite.11.4.patch.asc >>=20 >> [FreeBSD 11.3] >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch >> # = fetchhttps://security.FreeBSD.org/patches/SA-20:21/sqlite.11.3.patch.asc >> # gpg --verify sqlite.11.3.patch.asc >=20 > Hi, > there is a typo in links -please replace "SA-20:21" with "SA-20:22" Thanks for the report. I've already updated it on the website = (https://www.freebsd.org/security/advisories/FreeBSD-SA-20:22.sqlite.asc = )= based on a previous report. Gordon=