oss-sec mailing list archives
Re: Information on recent sqlite3 issues?
From: Nicholas Luedtke <nsl () hpe com>
Date: Thu, 1 Jun 2017 07:17:41 -0600
On 06/01/2017 07:14 AM, Kurt Seifried wrote:
I will bring this up at the next cve board meeting (2 weeks from now). -Kurt
Thanks Kurt, it's worth noting this happens often with libxml as well.
On Jun 1, 2017, at 00:20, Johannes Segitz <jsegitz () suse de> wrote:

On Thu, Jun 01, 2017 at 12:24:10AM +0200, Andreas Stieger wrote:

Hello,

On 05/31/2017 10:30 PM, Moritz Muehlenhoff wrote:

one of the latest Apple advisories mentions several vulnerabilities in sqlite:
https://support.apple.com/en-us/HT207798

CVE-2017-2513: found by OSS-Fuzz
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
CVE-2017-2519: found by OSS-Fuzz
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

Does anyone have additional information on those and whether that applies to the standard sqlite releases or Apple-specific changes?

SUSE has asked Apple, but has not yet received an answer as far as I am aware.

They replied:

Thank you for contacting the Apple Product Security team. Please contact the SQLite maintainers to coordinate.

I think it is problematic that they assign CVEs but don't provide any details even if it's not only their code. I contacted the sqlite-devs for details but didn't receive a reply up to this point.

Johannes
--
Nicholas Luedtke
HPE Linux Security, Hewlett-Packard Enterprise