diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2018-12-22 08:44:47 +0100 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-12-30 22:41:29 +0100 |
| commit | c4475c0a577308c81f4cddfc48b34b4d14fadf02 (patch) | |
| tree | 720af466d7d609f860a24f9347482e480dae856d /package/sqlite/sqlite.mk | |
| parent | ac58fc650c49d52539a221f1f31d6f2e19d00203 (diff) | |
| download | buildroot-c4475c0a577308c81f4cddfc48b34b4d14fadf02.tar.gz buildroot-c4475c0a577308c81f4cddfc48b34b4d14fadf02.zip | |
package/sqlite: security bump to version 3.25.3
Fixes CVE-2018-20346: SQLite before 3.25.3, when the FTS3 extension is
enabled, encounters an integer overflow (and resultant buffer overflow) for
FTS3 queries that occur after crafted changes to FTS3 shadow tables,
allowing remote attackers to execute arbitrary code by leveraging the
ability to run arbitrary SQL statements (such as in certain WebSQL use
cases), aka Magellan.
For more details, see:
https://blade.tencent.com/magellan/index_en.html
https://www.sqlite.org/releaselog/3_25_3.html
https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/sqlite/sqlite.mk')
| -rw-r--r-- | package/sqlite/sqlite.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/sqlite/sqlite.mk b/package/sqlite/sqlite.mk index 34a0b9538e..6cf5710e5d 100644 --- a/package/sqlite/sqlite.mk +++ b/package/sqlite/sqlite.mk @@ -4,7 +4,7 @@ # ################################################################################ -SQLITE_VERSION = 3250200 +SQLITE_VERSION = 3250300 SQLITE_SOURCE = sqlite-autoconf-$(SQLITE_VERSION).tar.gz SQLITE_SITE = https://www.sqlite.org/2018 SQLITE_LICENSE = Public domain |
