Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please create new release with native SQLite >= 3.32.1 to fix multiple CVE #501

Closed
sseide opened this issue Jun 18, 2020 · 3 comments
Closed

Please create new release with native SQLite >= 3.32.1 to fix multiple CVE #501

sseide opened this issue Jun 18, 2020 · 3 comments

Comments

@sseide
Copy link

sseide commented Jun 18, 2020

As this jar file contains precompile libraries of sqlite it would be good to release a new version of the jdbc driver with updated native sqlite libraries.

The currently used version 3.31.1 is vulnerable to multiple different attacks ranging from medium up to critical as their respective CVE show:

Even if not all of them may be exploitable from jdbc side there are more than enough critical fixes inside the native parts to make an new release of the jdbc driver.

Thanks in advance,
Stefan Seide
@xerial
Copy link
Owner

xerial commented Jun 18, 2020

Thanks for the notice. Will check the latest SQLite version

@xerial
Copy link
Owner

xerial commented Jun 18, 2020

Released sqlite-jdbc-3.32.3

@xerial xerial closed this as completed Jun 18, 2020
@sseide
Copy link
Author

sseide commented Jun 19, 2020

Many Thanks for fast response!

@witmoca witmoca mentioned this issue Jun 20, 2020
Closed
mprins added a commit to geotools/geotools that referenced this issue Dec 21, 2020
@mprins
Update sqlite-jdbc from 3.31.1 to 3.34.0
8168931 
The sqlite-jdbc team fixed a number of vulnerabilitie in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3. Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
@mprins mprins mentioned this issue Dec 21, 2020
Merged
12 tasks
mprins added a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins
[GEOT-6766] Update sqlite-jdbc from 3.31.1 to 3.34.0
7351f78 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
mprins added a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins
[GEOT-6766] Update sqlite-jdbc from 3.31.1 to 3.34.0
57966a2 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
mprins added a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins
[GEOT-6766] Update sqlite-jdbc from 3.30.1 to 3.34.0
8c3c531 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
This was referenced Dec 22, 2020
Merged
Merged
aaime pushed a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins @aaime
[GEOT-6766] Update sqlite-jdbc from 3.31.1 to 3.34.0
63ed379 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
aaime pushed a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins @aaime
[GEOT-6766] Update sqlite-jdbc from 3.31.1 to 3.34.0
45d1c14 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
aaime pushed a commit to geotools/geotools that referenced this issue Dec 22, 2020
@mprins @aaime
[GEOT-6766] Update sqlite-jdbc from 3.30.1 to 3.34.0
b7cf8ea 
The sqlite-jdbc team fixed a number of vulnerabilities in the native code parts (see xerial/sqlite-jdbc#501) in version 3.32.3.
Also support for the new Apple Silicon (M1) was added in 3.32.3.3 as wel as some Arm Cortex improvements

see also: https://github.com/xerial/sqlite-jdbc/blob/master/README.md#news
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xerial @sseide