Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all over the news for a week now. It is patched on all Linux platforms but has not yet shown up in FreeBSD's vulxml database. Does this mean:
A) FreeBSD versions prior to 3.26.0 are not vulnerable, or B) the ports-secteam is not able to properly maintain the vulnerability database? If the latter perhaps someone from the security team could let us know how such a significant vulnerability could go unflagged for so long and, more importantly, what might be done to address the gap in reporting? Roger Marquis _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"