oss-sec mailing list archives
Re: Information on recent sqlite3 issues?
From: Johannes Segitz <jsegitz () suse de>
Date: Thu, 1 Jun 2017 08:20:46 +0200
On Thu, Jun 01, 2017 at 12:24:10AM +0200, Andreas Stieger wrote:
> Hello,
>
> On 05/31/2017 10:30 PM, Moritz Muehlenhoff wrote:
>> one of the latest Apple advisories mentions several vulnerabilities in sqlite:
>> https://support.apple.com/en-us/HT207798
>>
>> CVE-2017-2513: found by OSS-Fuzz
>> CVE-2017-2518: found by OSS-Fuzz
>> CVE-2017-2520: found by OSS-Fuzz
>> CVE-2017-2519: found by OSS-Fuzz
>> CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
>> CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
>>
>> Does anyone have additional information on those and whether that applies to the standard sqlite releases or Apple-specific changes?
>
> SUSE has asked Apple, but has not yet received an answer as far as I am aware.

They replied:
Thank you for contacting the Apple Product Security team. Please contact the SQLite maintainers to coordinate.
I think it is problematic that they assign CVEs but don't provide any details even if it's not only their code. I contacted the sqlite-devs for details but didn't receive a reply up to this point.

Johannes
--
GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0
Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)