CVE-2020-11656 is a bug in an official release. However, the bug was in test logic that is only included in the binary if you compile with -DSQLITE\_DEBUG. For deployment builds in which -DSQLITE\_DEBUG is omitted then it was impossible to encounter the problem, as far as we can determine. How do I express this constraint so that it is apparent to a typical CVE reader?