In message <201608241255.u7octgk3019...@slippy.cwsent.com>, Cy Schubert writes:
> In message <20160824123811.GB74786@mutt-hardenedbsd>, Shawn Webb writes:
> > On Wed, Aug 24, 2016 at 05:35:54AM -0700, Cy Schubert wrote:
> > > In message <201608241232.u7ocwpsn020...@repo.freebsd.org>, Cy Schubert
> > > writes:
> > > > Author: cy
> > > > Date: Wed Aug 24 12:32:24 2016
> > > > New Revision: 304747
> > > > URL: https://svnweb.freebsd.org/changeset/base/304747
> > > >
> > > > Log:
> > > >   MFV r304732.
> > > >
> > > >   Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).
> > > >
> > > >   This commit addresses the tmpdir selection vulnerability fixed in
> > > >   sqlite3-1.13.0. See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.
> > > >
> > > >   Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
> > > >   Security: CVE-2016-6153
> > >
> > > This should probably be MFCed in a week unless re@ wants it sooner of
> > > course.
> >
> > Does this also need a FreeBSD errata notice or security announcement?
>
> Not for the upcoming 11.0 release. The 10 branch OTOH appears to have
> 1.8.14, which is much much older, so I think that we should or at least do
> a direct commit to simply address the vulnerability. (I haven't looked at
> whether it would be better to MFC to 10 or direct commit to disturb as
> little as possible in the 10 branch.) The 9 branch doesn't include sqlite3.
>
> I can prepare an MFC to 11 sooner if wanted. I'll look at the 10 branch at
> noon my time today. Relnotes for 11 and an errata announcement for 10 would
> be all that's needed.

Reading email from this morning, looks like an errata notification will
also need to be made for 11.0 when it is released.

--
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.