Date: Thu, 01 Jun 2017 08:47:43 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: Moritz Muehlenhoff <jmm@...ian.org> Subject: Re: Information on recent sqlite3 issues? On Wednesday 31 May 2017 22:30:37 Moritz Muehlenhoff wrote: > Hi, > one of the latest Apple advisories mentions several vulnerabilities in > sqlite: https://support.apple.com/en-us/HT207798 > > CVE-2017-2513: found by OSS-Fuzz > CVE-2017-2518: found by OSS-Fuzz > CVE-2017-2520: found by OSS-Fuzz > CVE-2017-2519: found by OSS-Fuzz > CVE-2017-6983: Chaitin Security Research Lab (@...itinTech) working with > Trend Micro's Zero Day Initiative CVE-2017-6991: Chaitin Security Research > Lab (@...itinTech) working with Trend Micro's Zero Day Initiative > > Does anyone have additional information on those and whether that > applies to the standard sqlite releases or Apple-specific changes? > > Cheers, > Moritz Hi. I don't know about apple itself but in the clusterfuzz reports I see 4 public bugs about sqlite. However they have a very small (2 days) range of regression, i.e. a commit made in those two days causes the problem. I didn't check, but I suspect they didn't go in any release. FTR, the time you are seeing in the regression range is UTC: https://github.com/google/oss-fuzz/issues/563 At this point I don't know if apple referer to those issues or the mentioned issues are not public. -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ