[Buildroot] [PATCH] package/sqlite: security bump to version 3.25.3
Peter Korsgaard
peter at korsgaard.com
Wed Jan 23 14:31:09 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2018-20346: SQLite before 3.25.3, when the FTS3 extension is
> enabled, encounters an integer overflow (and resultant buffer overflow) for
> FTS3 queries that occur after crafted changes to FTS3 shadow tables,
> allowing remote attackers to execute arbitrary code by leveraging the
> ability to run arbitrary SQL statements (such as in certain WebSQL use
> cases), aka Magellan.
> For more details, see:
> https://blade.tencent.com/magellan/index_en.html
> https://www.sqlite.org/releaselog/3_25_3.html
> https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x and 2018.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list