SQLite vulnerability
Roger Marquis
marquis at roble.com
Sun Dec 16 16:14:08 UTC 2018
Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
over the news for a week now. It is patched on all Linux platforms but
has not yet shown up in FreeBSD's vulxml database. Does this mean:
A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
B) the ports-secteam is not able to properly maintain the vulnerability
database?
If the latter perhaps someone from the security team could let us know
how such a significant vulnerability could go unflagged for so long and,
more importantly, what might be done to address the gap in reporting?
Roger Marquis
More information about the freebsd-security
mailing list