On 12/22/19, Ming Ding <yxmi...@gmail.com> wrote:
> We are using SQLite 3.30.1 (which was released on 2019-10-10) in our project now.
>
> But there are 5 security vulnerabilities published recently,
> CVE-2019-19317, CVE-2019-19244, CVE-2019-19603, CVE-2019-19645, CVE-2019-19646.

We do not have an anticipated release date for 3.31.0 at this time.

You may safely ignore all of the CVEs above.  One of those CVEs is
simply wrong.  The other four only come into play if you allow
unauthenticated users to enter arbitrary SQL statements into SQLite,
and even in that case, they only allow for a denial-of-service attack,
as far as I know.

You can also deploy with a prerelease snapshot, which fixes all of the
CVEs.   Download a prerelease snapshot from the
https://sqlite.org/download.html page.

-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
