SQLite Forum

When will/were recent "sqlite3.31.1 new security issues CVEs" be addressed?
Login

When will/were recent "sqlite3.31.1 new security issues CVEs" be addressed?

(1) By SuYin (SuYinHoneywell) on 2020-04-13 08:33:48 [link] [source]

Hi!

There are new sqlite3 CVEs: sqlite3.31.1 new security issues CVE-2020-11656,CVE-2020-9327,CVE-2020-11655.

When will these issues be fixed?

Regards, and thanks.

(2) By Stephan Beal (stephan) on 2020-04-13 08:45:14 in reply to 1 [link] [source]

See /forumpost/247d4d7888 for the answer.

(3.1) By Richard Hipp (drh) on 2020-04-13 09:36:38 edited from 3.0 in reply to 1 [source]

See the link provided by Stephan, which is an excellent resource for anyone who thinks they should be worried about CVEs. Summary: CVEs are not a useful source of information for people who are concerned about bugs.

Also, all three CVEs contain hyperlinks to the check-ins that fixed the problems they describe.

CVEFix Reported In The CVE
CVE-2020-11656 https://www.sqlite.org/src/info/d09f8c3621d5f7f8
CVE-2020-9327 https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
CVE-2020-11655 https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11