|
From: | Léo Le Bouter |
Subject: | bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327 |
Date: | Thu, 18 Mar 2021 12:42:43 +0100 |
User-agent: | Evolution 3.34.2 |
According to https://www.sqlite.org/versionnumbers.html major versions of sqlite remain ABI and file format backwards compatible. It means we could graft without trouble, 3.32.3 fixes all CVEs, however 3.32 introduces a test failure in Python 3.8.2 which is an errorneous test testing internal sqlite implementation detail (but grafting wont actually re-run this test suite). See: https://bugs.python.org/issue40784 Otherwise I am still trying to run GNU Guix's own test suite on this but it turns out unnecessarily complicated, see https://issues.guix.gnu.org/47230 for suggestions on improving that process. Attached WIP patch. Thank you! Léo
0001-gnu-sqlite-Update-to-3.32.3-security-fixes.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part
[Prev in Thread] | Current Thread | [Next in Thread] |