Closed JimBretti closed 5 months ago
Last I checked (a few weeks ago), SQLCipher did not yet have a release based on a newer version.
I'm unavailable for the next couple of weeks, so I'll review this issue again after that.
I do suggest you report this as a bug in BlackDuck. The reported CVE does not affect the SQLite library itself, so it is not present in e_sqlite3 or e_sqlcipher.
Thanks Eric, I did report an issue with BlackDuck
See sqlcipher/sqlcipher#464
Hello Eric, a new vulnerability, CVE-2023-7104 was found in SQLite SQLite3 up to 3.43.0 and classified as critical
Do you know if sqlcipher will be updated to sqlite 3.44?
Do you know if sqlcipher will be updated to sqlite 3.44?
No, I don't. I suggest asking the sqlcipher developers.
We are using e_sqlcipher, and having the same BlackDuck issue reported at https://github.com/ericsink/SQLitePCL.raw/issues/531
Are there plans to update e_sqlcipher to resolve issue CVE-2022-46908?