SQLite vulnerability
Brooks Davis
brooks at freebsd.org
Mon Dec 17 08:44:43 UTC 2018
On Sun, Dec 16, 2018 at 08:13:59AM -0800, Roger Marquis wrote:
> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
> over the news for a week now. It is patched on all Linux platforms but
> has not yet shown up in FreeBSD's vulxml database. Does this mean:
>
> A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
>
> B) the ports-secteam is not able to properly maintain the vulnerability
> database?
>
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long and,
> more importantly, what might be done to address the gap in reporting?
Almost certainly:
C) This vunerability was reported in a random blog post on a Sunday
without any details so people haven't caught up with it yet.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20181217/1c17ad68/attachment.sig>
More information about the freebsd-security
mailing list