SQLite Forum

When will/were recent "sqlite3.31.1 new security issues CVEs" be addressed?
Login

When will/were recent "sqlite3.31.1 new security issues CVEs" be addressed?

(1) By SuYin (SuYinHoneywell) on 2020-04-13 08:33:48

Hi!

There are new sqlite3 CVEs:
sqlite3.31.1 new security issues CVE-2020-11656,CVE-2020-9327,CVE-2020-11655.



When will these issues be fixed?

Regards, and thanks.

(2) By Stephan Beal (stephan) on 2020-04-13 08:45:14 in reply to 1 [link]

See [](/forumpost/247d4d7888) for the answer.

(3.1) By Richard Hipp (drh) on 2020-04-13 09:36:38 edited from 3.0 in reply to 1 [link]

See [the link](/forumpost/247d4d7888) provided by Stephan,
which is an excellent resource for anyone
who thinks they should be worried about CVEs.
Summary: CVEs are not a useful source of information for people who
are concerned about bugs.

Also, all three CVEs contain hyperlinks to the check-ins that fixed the
problems they describe.

<table border="1">
<tr><th>CVE<th>Fix Reported In The CVE</tr>
<tr><td>[CVE-2020-11656](https://nvd.nist.gov/vuln/detail/CVE-2020-11656)
<td><https://www.sqlite.org/src/info/d09f8c3621d5f7f8>
<tr><td>[CVE-2020-9327](https://nvd.nist.gov/vuln/detail/CVE-2020-9327)
<td><https://www.sqlite.org/cgi/src/info/abc473fb8fb99900>
<tr><td>[CVE-2020-11655](https://www.sqlite.org/cgi/src/info/abc473fb8fb99900)
<td><https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11>
</table>