Bug 234112 - SQLite: Remote code execution vulnerability (Magellan)
Status: Closed FIXED
Alias: None
Product: Services
Classification: Unclassified
Component: Security Team
Version: unspecified
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Security Team
URL: https://blade.tencent.com/magellan/in...
Keywords: security, tracking
Depends on: 233712 233990 234113 234191
Blocks:
Reported: 2018-12-18 03:20 UTC by Kubilay Kocak
Modified: 2019-03-30 03:06 UTC

Description Kubilay Kocak freebsd_committer freebsd_triage 2018-12-18 03:20:30 UTC
Tracking issue to coordinate and link related issues and changes in FreeBSD related to the announced vulnerability:

Quote:

Magellan is a remote code execution vulnerability discovered by Tencent Blade Team that exists in SQLite. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. After testing Chromium was also affected by this vulnerability, Google has confirmed and fixed this vulnerability. We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible.

Additional References:

- https://access.redhat.com/errata/RHSA-2018:3803
- https://www.debian.org/security/2018/dsa-4352
- https://lwn.net/Articles/774463/
Comment 1 Jochen Neumeister freebsd_committer freebsd_triage 2019-02-15 18:36:52 UTC
What is the current status?
Does ports-secteam have to be active here?
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2019-03-30 03:06:17 UTC
This was a tracking issue to make it easier for our secteams to coordinate complete resolution, in case it wasn't done in a timely manner by people responsible for updating the various involved components. All subtasks have been resolved, closing FIXED.