bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-1165

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-1165

From:	Léo Le Bouter
Subject:	bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Date:	Thu, 18 Mar 2021 12:42:43 +0100
User-agent:	Evolution 3.34.2

According to
https://www.sqlite.org/versionnumbers.html major versions of sqlite remain ABI 
and file format backwards
compatible.

It means we could graft without trouble, 3.32.3 fixes all CVEs, however
3.32 introduces a test failure in Python 3.8.2 which is an errorneous
test testing internal sqlite implementation detail (but grafting wont
actually re-run this test suite).

See: https://bugs.python.org/issue40784

Otherwise I am still trying to run GNU Guix's own test suite on this
but it turns out unnecessarily complicated, see 
https://issues.guix.gnu.org/47230 for suggestions on improving that
process.

Attached WIP patch.

Thank you!

Léo

0001-gnu-sqlite-Update-to-3.32.3-security-fixes.patch
Description: Text Data

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter <=
- bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/23
  - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/24
    - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Tobias Geerinckx-Rice, 2021/03/25
    - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Tobias Geerinckx-Rice, 2021/03/25
- bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Mark H Weaver, 2021/03/25
  - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/25

Prev by Date: bug#47230: Build phase to graft during build for better grafts QA
Next by Date: bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’
Previous by thread: bug#47230: Build phase to graft during build for better grafts QA
Next by thread: bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Index(es):
- Date
- Thread