Date: Thu, 1 Jun 2017 07:17:41 -0600
From: Nicholas Luedtke <>
Subject: Re: Information on recent sqlite3 issues?

On 06/01/2017 07:14 AM, Kurt Seifried wrote:
> I will bring this up at the next cve board meeting (2 weeks from now).
> -Kurt
Thanks Kurt, it's worth noting this happens often with libxml as well.

>> On Jun 1, 2017, at 00:20, Johannes Segitz <> wrote:
>>> On Thu, Jun 01, 2017 at 12:24:10AM +0200, Andreas Stieger wrote:
>>> Hello,
>>>> On 05/31/2017 10:30 PM, Moritz Muehlenhoff wrote:
>>>> one of the latest Apple advisories mentions several vulnerabilities in sqlite:
>>>> CVE-2017-2513: found by OSS-Fuzz
>>>> CVE-2017-2518: found by OSS-Fuzz
>>>> CVE-2017-2520: found by OSS-Fuzz
>>>> CVE-2017-2519: found by OSS-Fuzz
>>>> CVE-2017-6983: Chaitin Security Research Lab (@...itinTech) working with Trend Micro's Zero Day Initiative
>>>> CVE-2017-6991: Chaitin Security Research Lab (@...itinTech) working with Trend Micro's Zero Day Initiative
>>>> Does anyone have additional information on those and whether that
>>>> applies to the standard sqlite releases or Apple-specific changes?
>>> SUSE has asked Apple, but has not yet received an answer as far as I am
>>> aware.
>> They replied:
>>> Thank you for contacting the Apple Product Security team.
>>> Please contact the SQLite maintainers to coordinate.
>> I think it is problematic that they assign CVEs but don't provide any
>> details even if it's not only their code. I contacted the sqlite-devs for
>> details but didn't receive a reply up to this point.
>> Johannes

Nicholas Luedtke
HPE Linux Security, Hewlett-Packard Enterprise
