Hi László

On Sun, Dec 18, 2022 at 10:24:50AM +0100, László Böszörményi (GCS) wrote:
> Hi Salvatore,
>
> On Sat, Dec 17, 2022 at 9:42 PM Salvatore Bonaccorso <car...@debian.org>
> wrote:
> > CVE-2022-46908[0]:
> > | SQLite through 3.40.0, when relying on --safe for execution of an
> > | untrusted CLI script, does not properly implement the
> > | azProhibitedFunctions protection mechanism, and instead allows UDF
> > | functions such as WRITEFILE.
> Thanks for reporting! Going to fix it in minutes.
>
> > Please adjust the affected versions in the BTS as needed.
> The report is most probably correct. At least the safe option was
> added in 3.37.1 [1] and so this vulnerability does not affect our
> stable release which has the older, 3.34.1 version.

Many thanks for the unstable upload and checking status for bullseye
and older.

Regards,
Salvatore