Date: Thu, 1 Jun 2017 08:20:46 +0200
From: Johannes Segitz <jsegitz@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Information on recent sqlite3 issues?

On Thu, Jun 01, 2017 at 12:24:10AM +0200, Andreas Stieger wrote:
> Hello,
> 
> 
> On 05/31/2017 10:30 PM, Moritz Muehlenhoff wrote:
> > one of the latest Apple advisories mentions several vulnerabilities in sqlite:
> > https://support.apple.com/en-us/HT207798
> >
> > CVE-2017-2513: found by OSS-Fuzz
> > CVE-2017-2518: found by OSS-Fuzz
> > CVE-2017-2520: found by OSS-Fuzz
> > CVE-2017-2519: found by OSS-Fuzz
> > CVE-2017-6983: Chaitin Security Research Lab (@...itinTech) working with Trend Micro's Zero Day Initiative
> > CVE-2017-6991: Chaitin Security Research Lab (@...itinTech) working with Trend Micro's Zero Day Initiative
> >
> > Does anyone have additional information on those and whether that
> > applies to the standard sqlite releases or Apple-specific changes?
> 
> SUSE has asked Apple, but has not yet received an answer as far as I am
> aware.

They replied:

>Thank you for contacting the Apple Product Security team.
>
>Please contact the SQLite maintainers to coordinate.

I think it is problematic that they assign CVEs but don't provide any
details even if it's not only their code. I contacted the sqlite-devs for
details but didn't receive a reply up to this point.

Johannes
-- 
GPG Key E7C81FA0       EE16 6BCE AD56 E034 BFB3  3ADD 7BF7 29D5 E7C8 1FA0
Subkey fingerprint:    250F 43F5 F7CE 6F1E 9C59  4F95 BC27 DD9D 2CC4 FD66
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
