Re: Information on file, sqlite, libarchive, pcre issues for CVE IDs assigned by Apple?

[Hanno Böck <hanno () hboeck de>]

On Wed, 28 Feb 2018 21:24:10 +0100
Moritz Muehlenhoff <jmm () debian org> wrote:

> Of the IDs mentioned above, only CVE-2017-10989 refers to specific,
> identifiable information. Does anyone on the list have additional
> information on any of these bugs; allowing to map them to upstream
> bug reports/patches?

This only partly answers your question, but the oss-fuzz issues are
handled in a public bug tracker (public as in "they become public once
they're fixed or a deadline has passed" I believe):
https://bugs.chromium.org/p/oss-fuzz/issues/list

You'll find issues in sqlite, file and libarchive there, but of course
that doesn't give you a mapping to the CVEs assigned.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42