Date: Sun, 16 Dec 2018 19:48:38 +0100 From: Remko Lodder <remko@elvandar.org> To: Roger Marquis <marquis@roble.com> Cc: freebsd-security@freebsd.org, "ports-secteam@freebsd.org" <ports-secteam@FreeBSD.org> Subject: Re: SQLite vulnerability Message-ID: <473172DA-7F1E-42EB-8E0B-53122E13E84E@elvandar.org> In-Reply-To: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com> References: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_076457B1-04D4-45E9-929B-A3627A071F1A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Hi,
It=E2=80=99s sad to see that you are still as negative as you where not =
that long ago.
I said before that If you rely on the information being up to date, you =
should
sponsor the FF or pay someone to do the work for you. You keep =
forgetting
that we (security-officer@ and ports-secteam@) are volunteers and that
we do this in our free spare time. You cannot demand that we do things =
that
you expect us to do without knowing how people lives are going at that =
same
moment. If they have to choose between your whining and their kids or
family, I would also choose the family.
I do not think the others need to step in for this one, your constant =
negative
attitude towards our ports-secteam people is getting annoying and a =
waste
of our precious time. So either start sending patches, contribute, or =
understand
that this is voluntarily and that their priorities might not be your =
priority.
Thank you, once and for all,
Remko.
> On 16 Dec 2018, at 17:13, Roger Marquis <marquis@roble.com> wrote:
>=20
> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been =
all
> over the news for a week now. It is patched on all Linux platforms =
but
> has not yet shown up in FreeBSD's vulxml database. Does this mean:
>=20
> A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
>=20
> B) the ports-secteam is not able to properly maintain the =
vulnerability
> database?
>=20
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long =
and,
> more importantly, what might be done to address the gap in reporting?
>=20
> Roger Marquis
--Apple-Mail=_076457B1-04D4-45E9-929B-A3627A071F1A
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUZm6tSR1fPPy/V/fqMPbslnzjLAFAlwWngYACgkQqMPbslnz
jLBJBA/8DsGQs3vTO/MxTJI+xbSH1oFcoRYbX+C7K6vW5f5KDy5c/UTtVHbY48hy
OBe+nk1KBFLa/DKVUuQOsOq9v48sF7Hz8/bUQo60ezp1aZAPqbETZKNOjSv9OV4i
ZFjclVwp9YcIv4B3LsahbV7io11PPS59/s6aty+Nw+C3B6Cos0zZQ+SAqpEF79ls
MfvrPFbiVI9T62JhJPiPIbTR+O9kSeimauf9F4vcAqgZRzxKLNHQZ3Vru1WDHhbZ
bSVwBWqdi2PQFCmdxQ+mXX7X12zXEPWjg06PUe0n7MP1YVhlv+YgYoxt+fGT6i9j
tlfmv7PbtQ6QgdiZlsm21v8OCeR9xo3EjPRmj35nGIjdc6Es9aMqLxjhi1vpADF8
ynp6ersQd0dM5UNHDmyCCSeGfDFbPjl6NMRza6OYvE/QhhQwZWaGWE5XjxmTQOFU
833J049XfU18UmLze7dP5A24BDKdJ8GQbAU9uoXn9ZRQQSr4Wq2osfp6xExDeYJV
dy9iuhgNN4OhaZW2J42z3HSM2E6VurogU1Knc3Mxw0KKl5zKmeVQSjHaAkhFTBkO
dqEe3y8u7n0nuRtVmSMJr+FSyL6Qipn4jtQvrMz4hJk7WdTz96MZdvvOs4vmkp3O
8VT8ZLZ9EjHH/QdX9qqdkefzThMRJmwXHQE7DOMPTKNyUAXbzYo=
=EYpB
-----END PGP SIGNATURE-----
--Apple-Mail=_076457B1-04D4-45E9-929B-A3627A071F1A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?473172DA-7F1E-42EB-8E0B-53122E13E84E>