bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-1165

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-1165

From:	Léo Le Bouter
Subject:	bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Date:	Wed, 24 Mar 2021 23:54:52 +0100
User-agent:	Evolution 3.34.2

I could test the graft with GNU Guix's test suite by manually replacing
the sqlite input with sqlite/fixed like so:

diff --git a/gnu/packages/package-management.scm
b/gnu/packages/package-management.scm
index 888f54322d..70f5c2dad3 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -389,7 +389,7 @@ $(prefix)/etc/init.d\n")))
       (inputs
        `(("bzip2" ,bzip2)
          ("gzip" ,gzip)
-         ("sqlite" ,sqlite)
+         ("sqlite" ,sqlite/fixed)
          ("libgcrypt" ,libgcrypt)
 
          ("guile" ,guile-3.0-latest)

It worked fine.

Is that enough of a test to graft in master?

Let me know and I will push.

Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/18
- bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/23
  - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter <=
    - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Tobias Geerinckx-Rice, 2021/03/25
    - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Tobias Geerinckx-Rice, 2021/03/25
- bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Mark H Weaver, 2021/03/25
  - bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327, Léo Le Bouter, 2021/03/25

Prev by Date: bug#25425: cannot express search path
Next by Date: bug#47375: guix test failure: tests/print
Previous by thread: bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Next by thread: bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Index(es):
- Date
- Thread