svn commit: r304747 - in head/contrib/sqlite3: . tea

Cy Schubert Cy.Schubert at komquats.com
Wed Aug 24 19:10:34 UTC 2016


In message <201608241255.u7OCtGK3019972 at slippy.cwsent.com>, Cy Schubert 
writes:
> In message <20160824123811.GB74786 at mutt-hardenedbsd>, Shawn Webb writes:
> > 
> > 
> > On Wed, Aug 24, 2016 at 05:35:54AM -0700, Cy Schubert wrote:
> > > In message <201608241232.u7OCWPsn020853 at repo.freebsd.org>, Cy Schubert
> > > writes:
> > > > Author: cy
> > > > Date: Wed Aug 24 12:32:24 2016
> > > > New Revision: 304747
> > > > URL: https://svnweb.freebsd.org/changeset/base/304747
> > > >
> > > > Log:
> > > >   MFV r304732.
> > > >
> > > >   Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).
> > > >
> > > >   This commit addresses the tmpdir selection vulnerability fixed in
> > > >   sqlite3-1.13.0.  See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.
> > > >
> > > >   Security:	VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
> > > >   Security:	CVE-2016-6153
> > >
> > > This should probably be MFCed in a week unless re@ wants it sooner of
> > > course.
> > 
> > Does this also need a FreeBSD errata notice or security announcement?
> 
> Not for the upcoming 11.0 release. The 10 branch OTOH appears to have 
> 1.8.14, which is much much older, so I think that we should or at least do 
> a direct commit to simply address the vulnerability. (I haven't looked at 
> whether it would be better to MFC to 10 or direct commit to disturb as 
> little as possible in the 10 branch.)  The 9 branch doesn't include sqlite3.
> 
> I can prepare an MFC to 11 sooner if wanted. I'll look at the 10 branch at 
> noon my time today. Relnotes for 11 and an errata announcement for 10 would 
> be all that's needed.

Reading email from this morning, looks like an errata notification will 
also need to be made for 11.0 when it is released.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.



