On Fri, Jul 07, 2017 at 07:01:41PM -0000, Even Rouault wrote: > @seth There's an error regarding the SQLite version number in the CVE > text. It should read "in SQLite before 3.17.0" (and not 3.11.0)
Oh that's unfortuate. I didn't say it was fixed in -any- version in my submission, because it felt to me the 3.17.0 was an accidental no-longer-triggered case not actually fixed-case. After all, the fix was checked into a master branch and no new releases appear to have been tagged afterwards. Thanks for the sharp eyes. I've submitted a change request. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700937 Title: Heap-buffer overflow in nodeAcquire To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs