Date: Tue, 18 Dec 2018 19:21:32 +1100 From: Kubilay Kocak <koobs@FreeBSD.org> To: freebsd-security@freebsd.org Cc: ports-secteam@FreeBSD.org, "secteam@freebsd.org" <secteam@freebsd.org> Subject: Re: SQLite vulnerability Message-ID: <1594cbdb-46eb-a4cd-2e97-bc6164b2824e@FreeBSD.org> In-Reply-To: <nycvar.OFS.7.76.444.1812170758000.59073@mx.roble.com> References: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com> <20181217084435.GC4757@spindle.one-eyed-alien.net> <14b152b6-b994-2b1a-c1ac-0fc2f606149a@FreeBSD.org> <nycvar.OFS.7.76.444.1812170758000.59073@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18/12/2018 3:06 am, Roger Marquis wrote: > On Mon, 17 Dec 2018, Kubilay Kocak wrote: >> Pretty close :) >> Original source/announcement: >> https://www.tenable.com/blog/magellan-remote-code-execution-vulnerability-in-sqlite-disclosed >> [December 14th, 2018] > > Not original though Tenable may have based their announcement on: > > > https://meterpreter.org/sqlite-remote-code-execution-vulnerability-alert/ > [December 11th, 2014] > >> I've already re-opened Issue #233712 [1], which was our >> databases/sqlite3 port update to 3.26.0 and requested a merge to >> quarterly. > > Thank you Kubila and thanks to pavelivolkov@gmail.com who updated the > sqlite3 > port on December 4th. > > Roger Marquis Created a parent tracking bug linking the existing issues, and for any other issues to be linked: SQLite: Remote code execution vulnerability (Magellan) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234112
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1594cbdb-46eb-a4cd-2e97-bc6164b2824e>