From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Vong Subject: [SECURITY] Which packages bundle sqlite? Date: Mon, 17 Dec 2018 22:48:38 +0800 Message-ID: <871s6g2oqh.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50881) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gYuCR-0008Ur-PP for guix-devel@gnu.org; Mon, 17 Dec 2018 09:48:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gYuCO-0005Yw-Fr for guix-devel@gnu.org; Mon, 17 Dec 2018 09:48:51 -0500 Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]:35103) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gYuCN-0005XN-V9 for guix-devel@gnu.org; Mon, 17 Dec 2018 09:48:48 -0500 Received: by mail-pl1-x62e.google.com with SMTP id p8so6256091plo.2 for ; Mon, 17 Dec 2018 06:48:47 -0800 (PST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --=-=-= Content-Type: text/plain Hello Guix, Recently, a remote execution vulnerability is discovered in sqlite[0][1]. Apart from updating the sqlite package, I think we need to update all packages bundling sqlite as well. What do you think? Cheers, Alex [0]: https://blade.tencent.com/magellan/index_en.html [1]: https://www.reddit.com/r/netsec/comments/a6ab59/magellan_sqlite_remote_code_execution/ --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQwb8uPLAHCXSnTBVZh71Au9gJS8gUCXBe3RgAKCRBh71Au9gJS 8hnEAQCA7CARRsqfBO6k7nMXfoCQq5lhR8SjOngadPZ2DZ0BLQD+J3JCdgci0p9v da0/JdmP7XdwiNI7dl8FeBTxOQmkhQ4= =6gXN -----END PGP SIGNATURE----- --=-=-=--