SQLite version 3.7.15.1, a patch release, is now available on the SQLite 
website:

     http://www.sqlite.org/

This patch release fixes a single bug that managed to sneak into the 3.7.15 
release from last week.  Two lines of code changed and one assert() was added:

    
    http://www.sqlite.org/src/fdiff?v1=53b991af50dab230&v2=74d72b1613aac386#chunk1

The complete patch includes the change above, and some new test cases, and the 
version number and configure script were updated.  A description of the bug 
that was fixed is here:

    http://www.sqlite.org/src/info/a7b7803e8d1e869

The bug causes a NULL pointer dereference given some unusual but perfectly 
legal SQL.   The bug is not data dependent and is thus not a security 
vulnerability (since if an attacker can inject arbitrary SQL into your 
application, then you have already been compromised).  If your application does 
not use the unusual SQL construct necessary to tickle this bug (and most 
applications don't) then you are perfectly safe staying with whatever prior 
version of SQLite you are currently using.  Nevertheless, upgrading to 3.7.15.1 
is recommended.

D. Richard Hipp
[email protected]


