On Sun, Dec 16, 2018 at 08:13:59AM -0800, Roger Marquis wrote:
> Thanks to Chrome{,ium} a recently discovered SQLite exploit has been all
> over the news for a week now.  It is patched on all Linux platforms but
> has not yet shown up in FreeBSD's vuxml database.  Does this mean:
> 
>   A) FreeBSD versions prior to 3.26.0 are not vulnerable, or
> 
>   B) the ports-secteam is not able to properly maintain the vulnerability
>   database?
> 
> If the latter perhaps someone from the security team could let us know
> how such a significant vulnerability could go unflagged for so long and,
> more importantly, what might be done to address the gap in reporting?

Almost certainly:

  C) This vulnerability was reported in a random blog post on a Sunday
  without any details so people haven't caught up with it yet.

-- Brooks
