NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/sqlcipher: security bump to version 4.4.2

Browse Source 
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a
use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in
sqlite3.c. A remote denial of service attack can be performed. For
example, a SQL injection can be used to execute the crafted SQL command
sequence. After that, some unexpected RAM data is read.

https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2020-12-10 23:08:53 +01:00 committed by Peter Korsgaard
parent fe347897b8
commit f38893f8dd
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/sqlcipher/sqlcipher.hash
View File

@ -1,3 +1,3 @@
# locally computed
sha256 fccb37e440ada898902b294d02cde7af9e8706b185d77ed9f6f4d5b18b4c305f sqlcipher-4.3.0.tar.gz
sha256 87458e0e16594b3ba6c7a1f046bc1ba783d002d35e0e7b61bb6b7bb862f362a7 sqlcipher-4.4.2.tar.gz
sha256 3eee3c7964a9becc94d747bd36703d31fc86eb994680b06a61bfd4f2661eaac8 LICENSE

2
package/sqlcipher/sqlcipher.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
SQLCIPHER_VERSION = 4.3.0
SQLCIPHER_VERSION = 4.4.2
SQLCIPHER_SITE = $(call github,sqlcipher,sqlcipher,v$(SQLCIPHER_VERSION))
SQLCIPHER_LICENSE = BSD-3-Clause
SQLCIPHER_LICENSE_FILES = LICENSE