GNU bug report logs - #47231
sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Thu, 18 Mar 2021 11:43:02 UTC

Severity: normal

Tags: security

Done: Léo Le Bouter <lle-bout <at> zaclys.net>

Bug is archived. No further changes may be made.

Full log

Message #33 received at 47231-done <at> debbugs.gnu.org (full text, mbox):

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: Mark H Weaver <mhw <at> netris.org>, 47231-done <at> debbugs.gnu.org, Tobias
 Geerinckx-Rice <me <at> tobias.gr>
Subject: Re: bug#47231: sqlite package is vulnerable to CVE-2020-11655,
 CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630,
 CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Date: Fri, 26 Mar 2021 02:36:16 +0100

[Message part 1 (text/plain, inline)]
On Thu, 2021-03-25 at 21:23 -0400, Mark H Weaver wrote:
> 
> Just a reminder that, just as with 'mysql/fixed', 'sqlite/fixed'
> should
> *not* use 'package/inherit', since the package you're defining is the
> replacement for the package you're inheriting from.
> 
> Otherwise, it looks good to me!
> 
>      Thanks,
>        Mark

Adapted, wasnt sure what package/inherit was for exactly.

Tobias Geerinckx-Rice via Bug reports for GNU Guix writes:
> > I'm currently rebuilding IceCat with this change as an extra
> > precaution, but that shouldn't take long.  If that doesn't cause 
> > problems this LGTM for master.
> 
> OK, it worked, old IceCat writes new SQlite files.
> 
> Kind regards,
> 
> T G-R

Thank you both for the review!

Pushed as 6e7ba45357078b31a369b23f8a9f38302dfcbb10!

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 54 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.