SQLite Forum

When will/were recent "sqlite3 new security issues CVEs" be addressed?
I attempted to engage with NIST about this. Maybe I did it wrong, or contacted
the wrong people, but for whatever reason, they seemed to have no
interest in my input regarding CVEs written against SQLite.

Maybe you know better how to interact with NIST?  Care to offer
advice on how to go about making a difference - about how to go
about updating and correcting CVEs written against SQLite?

As far as I've seen so far, the NIST organization in charge of CVEs is
opaque and unaccountable.  They do not, in my experience, seem interested
in improving the quality of CVEs.  To my mind, this is all the more reason
to not pay any attention to CVEs.

I suppose that whenever NIST publishes false information about SQLite,
I could sue them for libel.  That would likely get their attention and
might provoke a more helpful response whenever I write to them about
problems in their reports.  But starting lawsuits is expensive and
contentious, does not actually improve the software in any way, and
takes time away from actually working to make SQLite better.
So, I figure it is better to just ignore NIST and hope that they will
soon go away.

Maybe it's just me (maybe its just wishful thinking on my part) but I
get the sense that people are more and more aware of the deficiencies
of CVEs (as currently implemented) and are correspondingly less concerned
with them.