Date: Sun, 16 Dec 2018 08:13:59 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Cc: ports-secteam@FreeBSD.org Subject: SQLite vulnerability Message-ID: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
index | next in thread | raw e-mail
Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
over the news for a week now. It is patched on all Linux platforms but
has not yet shown up in FreeBSD's vulxml database. Does this mean:
A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
B) the ports-secteam is not able to properly maintain the vulnerability
database?
If the latter perhaps someone from the security team could let us know
how such a significant vulnerability could go unflagged for so long and,
more importantly, what might be done to address the gap in reporting?
Roger Marquis
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.444.1812160753280.5993>