svn commit: r304747 - in head/contrib/sqlite3: . tea

Cy Schubert Cy.Schubert at komquats.com
Wed Aug 24 12:55:19 UTC 2016


In message <20160824123811.GB74786 at mutt-hardenedbsd>, Shawn Webb writes:
> 
> 
> 
> On Wed, Aug 24, 2016 at 05:35:54AM -0700, Cy Schubert wrote:
> > In message <201608241232.u7OCWPsn020853 at repo.freebsd.org>, Cy Schubert
> > writes:
> > > Author: cy
> > > Date: Wed Aug 24 12:32:24 2016
> > > New Revision: 304747
> > > URL: https://svnweb.freebsd.org/changeset/base/304747
> > >
> > > Log:
> > >   MFV r304732.
> > >
> > >   Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).
> > >
> > >   This commit addresses the tmpdir selection vulnerability fixed in
> > >   sqlite3-1.13.0.  See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.
> > >
> > >   Security:	VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
> > >   Security:	CVE-2016-6153
> >
> > This should probably be MFCed in a week unless re@ wants it sooner of
> > course.
> 
> Does this also need a FreeBSD errata notice or security announcement?

Not for the upcoming 11.0 release. The 10 branch OTOH appears to have 
1.8.14, which is much much older, so I think that we should or at least do 
a direct commit to simply address the vulnerability. (I haven't looked at 
whether it would be better to MFC to 10 or direct commit to disturb as 
little as possible in the 10 branch.)  The 9 branch doesn't include sqlite3.

I can prepare an MFC to 11 sooner if wanted. I'll look at the 10 branch at 
noon my time today. Relnotes for 11 and an errata announcement for 10 would 
be all that's needed.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
