Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQLite 3.30.0 security update #895

Closed
brodycj opened this issue Sep 27, 2019 · 2 comments
Closed

SQLite 3.30.0 security update #895

brodycj opened this issue Sep 27, 2019 · 2 comments

Comments

@brodycj
Copy link
Contributor

brodycj commented Sep 27, 2019

http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html

including discussion of a recent CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-16168

@brodycj
Copy link
Contributor Author

brodycj commented Oct 6, 2019

SQLite 3.30.0 is now available: https://www.sqlite.org/releaselog/3_30_0.html

From https://www.sqlite.org/releaselog/3_30_0.html, https://www.sqlite.org/src/timeline?c=98357d8c1263920b33a3&y=ci and http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html I would infer that the SQLITE_DETERMINISTIC flag needs to be used as documented in: https://www.sqlite.org/c3ref/c_deterministic.html

Unfortunately I cannot properly test this kind of an update since my mac is out for repair. I hope to get this rectified in the near future.

CORRECTED: Striking out my comment about using the SQLITE_DETERMINISTIC flag due to my own misinterpretation.

According to the information in http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html, the actual security update is here: https://www.sqlite.org/src/info/98357d8c1263920b

@brodycj brodycj pinned this issue Oct 6, 2019
@brodycj
Copy link
Contributor Author

brodycj commented Dec 3, 2019

Update with SQLite 3.30.1 was just published on this plugin version, needs to be made on the other plugin versions.

@brodycj brodycj closed this as completed Jan 9, 2020
@brodycj brodycj unpinned this issue Jan 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant