ericsink / SQLitePCL.raw

A Portable Class Library (PCL) for low-level (raw) access to SQLite
Apache License 2.0

SQLite 3.39.2 (Security Update) #500

Closed T18970237136 closed 1 year ago

T18970237136 commented 1 year ago

Hi there! SQLite 3.39.2 was released which seems to contain a fix for a security vulnerability (CVE-2022-35737). Is there a chance to see an updated version of SQLitePCLRaw.lib.e_sqlite3 soon?

Thanks!

ericsink commented 1 year ago

Yes, I'll take care of this early next week.

bricelam commented 1 year ago

Note, the SQLite binaries that ship as part of SQLitePCLRaw are not compiled with SQLITE_ENABLE_STAT4 defined. Thus, they are not actually affected by the vulnerability.
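A runtime check for the point raised in the comment above, added here as an example and not part of this thread or of SQLitePCL.raw: it asks the SQLite library actually linked into a process for its version and whether it was compiled with SQLITE_ENABLE_STAT4, and reports a build as exposed to CVE-2022-35737 only when it is older than 3.39.2 and STAT4 is enabled. It assumes Python's sqlite3 module as a stand-in for whichever SQLite build a scanner is flagging; the "only affected with STAT4" rule is taken from the comment, not from the CVE text.

```python
import sqlite3

# Version in which, per the thread, the CVE-2022-35737 fix shipped.
FIXED_VERSION = (3, 39, 2)


def parse_version(text: str) -> tuple:
    """Turn a dotted version string such as '3.39.2' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version: tuple, stat4_enabled) -> bool:
    """Apply the thread's reasoning: a build is only exposed when it is older
    than the fixed release AND was compiled with SQLITE_ENABLE_STAT4.
    An unknown STAT4 state (None) is treated conservatively as enabled."""
    if version >= FIXED_VERSION:
        return False
    return stat4_enabled is None or bool(stat4_enabled)


def inspect_library(conn=None) -> dict:
    """Query the linked SQLite library for its version and whether it was
    built with ENABLE_STAT4. Uses an in-memory database unless given a
    connection to the real one."""
    own = conn is None
    if own:
        conn = sqlite3.connect(":memory:")
    try:
        version = parse_version(conn.execute("SELECT sqlite_version()").fetchone()[0])
        try:
            # sqlite_compileoption_used() accepts the name with or without
            # the SQLITE_ prefix; it returns 1 when the option was defined.
            row = conn.execute(
                "SELECT sqlite_compileoption_used('ENABLE_STAT4')"
            ).fetchone()
            stat4 = bool(row[0])
        except sqlite3.OperationalError:
            # Builds with SQLITE_OMIT_COMPILEOPTION_DIAGS lack this function.
            stat4 = None
    finally:
        if own:
            conn.close()
    return {"version": version, "stat4_enabled": stat4, "affected": is_affected(version, stat4)}


if __name__ == "__main__":
    print(inspect_library())
```

Running this against the e_sqlite3 binary a product actually loads gives evidence to attach to a scanner finding, rather than arguing from the version string alone.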

alameenshah commented 1 year ago

May I request a new release with this commit (1362bb7)? Our product is being flagged for this vulnerability in BlackDuck security scans.

ericsink commented 1 year ago

I'm going to proceed with a release, but I need to update sqlcipher as well, and the build actions for the native code libraries are broken at the moment (see #508). I'm trying to figure out a workaround.

ericsink commented 1 year ago

FWIW, version 2.1.1-pre20220822172036 contains the new version of SQLite. If there are no problems with it, I will publish it as a non-pre release next week.