GNU bug report logs - #47231
sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Thu, 18 Mar 2021 11:43:02 UTC

Severity: normal

Tags: security

Done: Léo Le Bouter <lle-bout <at> zaclys.net>

Bug is archived. No further changes may be made.

Full log

Message #28 received at 47231 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Léo Le Bouter <lle-bout <at> zaclys.net>, 47231 <at> debbugs.gnu.org
Subject: Re: bug#47231: sqlite package is vulnerable to CVE-2020-11655,
 CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630,
 CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Date: Thu, 25 Mar 2021 21:23:56 -0400

Léo Le Bouter via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:

> From b0f9566e9ff9a5f409a3fd4293c048ec58bc770d Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?= <lle-bout <at> zaclys.net>
> Date: Thu, 18 Mar 2021 07:09:10 +0100
> Subject: [PATCH] gnu: sqlite: Update to 3.32.3 [security fixes].
>
> * gnu/packages/sqlite.scm (sqlite/fixed): New variable.
> (sqlite)[replacement]: Graft.
> ---
>  gnu/packages/sqlite.scm | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/gnu/packages/sqlite.scm b/gnu/packages/sqlite.scm
> index eeb77749d8..cc378b359a 100644
> --- a/gnu/packages/sqlite.scm
> +++ b/gnu/packages/sqlite.scm
> @@ -65,6 +65,7 @@
>              (sha256
>               (base32
>                "1bj936svd8i5g25xd1bj52hj4zca01fgl3sqkj86z9q5pkz4wa32"))))
> +   (replacement sqlite/fixed)
>     (build-system gnu-build-system)
>     (inputs `(("readline" ,readline)))
>     (native-inputs (if (hurd-target?)
> @@ -122,6 +123,26 @@ widely deployed SQL database engine in the world.  The source code for SQLite
>  is in the public domain.")
>     (license license:public-domain)))
>  
> +(define-public sqlite/fixed
> +  (package/inherit sqlite

Just a reminder that, just as with 'mysql/fixed', 'sqlite/fixed' should
*not* use 'package/inherit', since the package you're defining is the
replacement for the package you're inheriting from.

Otherwise, it looks good to me!

     Thanks,
       Mark

This bug report was last modified 4 years and 54 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47231 sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327

GNU bug report logs - #47231
sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327