SQLite 3.30.0 security update
brodycj opened this issue · 2 comments
http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html
including discussion of a recent CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-16168
SQLite 3.30.0 is now available: https://www.sqlite.org/releaselog/3_30_0.html
From https://www.sqlite.org/releaselog/3_30_0.html, https://www.sqlite.org/src/timeline?c=98357d8c1263920b33a3&y=ci and http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html I would infer that the SQLITE_DETERMINISTIC
flag needs to be used as documented in: https://www.sqlite.org/c3ref/c_deterministic.html
Unfortunately I cannot properly test this kind of an update since my mac is out for repair. I hope to get this rectified in the near future.
CORRECTED: Striking out my comment about using the SQLITE_DETERMINISTIC
flag due to my own misinterpretation.
According to the information in http://sqlite.1065341.n5.nabble.com/SQLite-version-3-30-0-in-about-two-weeks-td108708.html, the actual security update is here: https://www.sqlite.org/src/info/98357d8c1263920b
Update with SQLite 3.30.1 was just published on this plugin version, needs to be made on the other plugin versions.