On 1/24/20, Naumowicz, Ken E <ken.naumow...@wecenergygroup.com> wrote: > Hello, > > I need to know if there is a security patch for this CVE on Windows Server > 2012: > > Java SE Vulnerability CVE-2019-16168 Related to JavaFX (SQLite) <<<=== > https://www.symantec.com/security-center/vulnerabilities/writeup/111496 > > NO UPDATE/PATCH FOUND at SQLite - SQLite Homepage > (https://www.sqlite.org/) >
I think this CVE must be referring to a bug that allows an attacker to cause a divide-by-zero by modifying the schema and then injecting an SQL query of their own choosing. If so, that bug has been fixed in the latest release. In fact, all known bugs have been fixed in the latest release. On the other hand, I don't know of any mechanism on Windows Server 2012 by which an attacker can modify the schema of an SQLite database and then inject arbitrary SQL. So it is not clear to me that this is really a vulnerability. -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
