]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 50e7619) | patch
sqlite3: fix CVE-2017-13685
authorWenzong Fan <wenzong.fan@windriver.com>
Mon, 16 Oct 2017 09:31:32 +0000 (02:31 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 16 Oct 2017 22:52:04 +0000 (23:52 +0100)
commit9b9f566d2042f2b393de88506d2da964bc4d17b0
treef1147e44abcd7a6963ab3538f9d4fce47546ceb3tree | snapshot
parent50e7619aebae5351e9a41fe1b909a31b9e383f0acommit | diff
sqlite3: fix CVE-2017-13685

The dump_callback function in SQLite 3.20.0 allows remote attackers to
cause a denial of service (EXC_BAD_ACCESS and application crash) via a
crafted file.

Backport patch to fix the issue. Some references:
https://sqlite.org/src/info/02f0f4c54f2819b3
http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-support/sqlite/files/sqlite3-fix-CVE-2017-13685.patch [new file with mode: 0644] blob
meta/recipes-support/sqlite/sqlite3_3.20.0.bb diff | blob | history
Mirror of the official openembedded-core repository