On 5 Jun 2019, at 2:35am, Mike Nicolino <mike.nicol...@centrify.com> wrote:
> My theory is that it is resolved in the 3.28 SQLite release (rather than on
> that date), but I'd like confirmation as the release notes for 3.27 and 3.28
> don't reference it.

The only public comment about the fix seems to be here:

<https://latesthackingnews.com/2019/05/14/serious-sqlite-remote-code-execution-vulnerability-discovered/>

"The vendors subsequently patched the flaw with the release of the version 3.28.0."

Another source, which I do not have permission to refer to publicly, says that this vulnerability was fixed in 3.28.0, described here:

<https://www.sqlite.org/releaselog/3_28_0.html>

From what I can see neither the vulnerability nor the fix were officially acknowledged by SQLite developers.

If you wish to test a SQLite version for a fix yourself, detailed discussion of the vulnerability with demonstration code can be found here:

<https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777>