SQLite vulnerability

[Remko Lodder]

Hi,

It’s sad to see that you are still as negative as you where not that long ago.

I said before that If you rely on the information being up to date, you should
sponsor the FF or pay someone to do the work for you. You keep forgetting
that we (security-officer@ and ports-secteam@) are volunteers and that
we do this in our free spare time. You cannot demand that we do things that
you expect us to do without knowing how people lives are going at that same
moment. If they have to choose between your whining and their kids or
family, I would also choose the family.

I do not think the others need to step in for this one, your constant negative
attitude towards our ports-secteam people is getting annoying and a waste
of our precious time. So either start sending patches, contribute, or understand
that this is voluntarily and that their priorities might not be your priority.

Thank you, once and for all,
Remko.

> On 16 Dec 2018, at 17:13, Roger Marquis <marquis at roble.com> wrote:
> 
> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
> over the news for a week now.  It is patched on all Linux platforms but
> has not yet shown up in FreeBSD's vulxml database.  Does this mean:
> 
> A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
> 
> B) the ports-secteam is not able to properly maintain the vulnerability
> database?
> 
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long and,
> more importantly, what might be done to address the gap in reporting?
> 
> Roger Marquis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20181216/d702daf3/attachment.sig>