> I'm more than happy to write up a guide to help.
Bullet-points for me that explain what consumers of CVEs expect would
be helpful.
Would it be helpful for there to be a page on https://sqlite.org/ that
described the current status of all known CVEs from the perspective of
the SQLite developers?
Examples:
* CVE-2020-11656 → Use-after-free error on debugging builds only.
No impact on release builds. Fix will be part of 3.32.0.
* CVE-2019-16168 → If the containing application includes an
SQL Injection vulnerability then an attacker might be able to exploit
that vulnerability to induce a division-by-zero in SQLite.
Fixed in 3.29.0.
* CVE-2019-19317 → A bug in a development branch of SQLite.
Never appeared in any official SQLite release.
And so forth...