oss-sec mailing list archives
Re: Information on recent sqlite3 issues?
From: Kurt Seifried <kseifrie () redhat com>
Date: Thu, 1 Jun 2017 07:14:46 -0600
I will bring this up at the next cve board meeting (2 weeks from now). -Kurt
On Jun 1, 2017, at 00:20, Johannes Segitz <jsegitz () suse de> wrote:

> On Thu, Jun 01, 2017 at 12:24:10AM +0200, Andreas Stieger wrote:
>> Hello,
>>
>> On 05/31/2017 10:30 PM, Moritz Muehlenhoff wrote:
>>> one of the latest Apple advisories mentions several vulnerabilities in sqlite:
>>> https://support.apple.com/en-us/HT207798
>>>
>>> CVE-2017-2513: found by OSS-Fuzz
>>> CVE-2017-2518: found by OSS-Fuzz
>>> CVE-2017-2520: found by OSS-Fuzz
>>> CVE-2017-2519: found by OSS-Fuzz
>>> CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
>>> CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
>>>
>>> Does anyone have additional information on those and whether that applies to the standard sqlite releases or Apple-specific changes?
>>
>> SUSE has asked Apple, but has not yet received an answer as far as I am aware.
>
> They replied:
> Thank you for contacting the Apple Product Security team. Please contact the SQLite maintainers to coordinate.
>
> I think it is problematic that they assign CVEs but don't provide any details even if it's not only their code. I contacted the sqlite-devs for details but didn't receive a reply up to this point.
>
> Johannes
> --
> GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0
> Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66
> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
> HRB 21284 (AG Nürnberg)
Current thread:
- Information on recent sqlite3 issues? Moritz Muehlenhoff (May 31)
- Re: Information on recent sqlite3 issues? Andreas Stieger (May 31)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)
- Re: Information on recent sqlite3 issues? Kurt Seifried (Jun 01)
- Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 01)
- Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 04)
- Re: Information on recent sqlite3 issues? Salvatore Bonaccorso (Jun 05)
- Re: Information on recent sqlite3 issues? Nicholas Luedtke (Jun 01)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 22)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)
- Re: Information on recent sqlite3 issues? Andreas Stieger (May 31)