On 2015-12-22 13:48, Richard Hipp wrote: > I do not know where those vulnerability reports originated. They did > not originate from me. For that matter, I was never consulted about > them. None of them represent real vulnerabilities, in my assessment. > All of the problems identified have been fixed for a long time.
Perhaps it was part of a full disclosure consideration. > I think that these reports achieve nothing beyond vulnerability > fatigue. I think it is shameful that nvd.nist.gov publishes them. Some software uses the affected versions and it's a good idea they know that the software is affected. It's a matter of transparency.
