[Bug 1201783] New: VUL-0: CVE-2022-35737: sqlite3: multiple fixes
http://bugzilla.opensuse.org/show_bug.cgi?id=1201783 Bug ID: 1201783 Summary: VUL-0: CVE-2022-35737: sqlite3: multiple fixes Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: max@suse.com Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de Found By: --- Blocker: --- From https://www.sqlite.org/releaselog/3_39_2.html #1 Apply fixes for CVE-2022-35737 #2 Chromium bugs 1343348 #3 and 1345947 #4 forum post https://sqlite.org/forum/forumpost/3607259d3c
This bug goes back almost 8 years to check-in ddb5f0558c445699 on 2016-09-07, version 3.15.0. On the other hand, the problem only comes up if you cmpile with -DSQLITE_ENABLE_STAT4. The STAT4 requirement means that most applications are unaffected by this problem.
#5 and other minor problems discovered by internal testing. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1201783 http://bugzilla.opensuse.org/show_bug.cgi?id=1201783#c2 --- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> --- (In reply to Reinhard Max from comment #1)
we don't set SQLITE_ENABLE_STAT4.
We should clarify if this is for #4 only. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1201783 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de Flags|needinfo?(Andreas.Stieger@g |needinfo?(security-team@sus |mx.de) |e.de) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com