Re: [SECURITY] Which packages bundle sqlite?

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY] Which packages bundle sqlite?

From:	Alex Vong
Subject:	Re: [SECURITY] Which packages bundle sqlite?
Date:	Tue, 18 Dec 2018 00:46:27 +0800
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

I also want to know should we graft in this case since updating sqlite
would cause ~4000s rebuilts. Besides, how to deal with packages that
inherit sqlite when grafting?
(e.g. sqlite-with-fts5 and sqlite-with-column-metadata)

Thanks,
Alex

Alex Vong <address@hidden> writes:

> Hello Guix,
>
> Recently, a remote execution vulnerability is discovered in
> sqlite[0][1]. Apart from updating the sqlite package, I think we need to
> update all packages bundling sqlite as well. What do you think?
>
> Cheers,
> Alex
>
> [0]: https://blade.tencent.com/magellan/index_en.html
> [1]:
> https://www.reddit.com/r/netsec/comments/a6ab59/magellan_sqlite_remote_code_execution/

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY] Which packages bundle sqlite?, Alex Vong, 2018/12/17
- Re: [SECURITY] Which packages bundle sqlite?, Alex Vong <=
  - Re: [SECURITY] Which packages bundle sqlite?, Mark H Weaver, 2018/12/17

Prev by Date: Re: 01/01: gnu: mit-scheme: Update to 10.1.3.
Next by Date: Re: [GWL] (random) next steps?
Previous by thread: [SECURITY] Which packages bundle sqlite?
Next by thread: Re: [SECURITY] Which packages bundle sqlite?
Index(es):
- Date
- Thread