Ned Deily <n...@python.org> added the comment:
I verified it is exploitable via the sqlite3 module by adapting the test case from the SQLite ticket (https://www.sqlite.org/src/info/e4598ecbdd18bd82). But since it requires the exploiter to be able to specify raw SQL statements, it doesn't sound like it needs to be treated as a Python security issue. We should plan to to update to the latest SQLite but it doesn't need to be a release blocker. ---------- components: +Build, Windows, macOS nosy: +ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware stage: -> needs patch versions: +Python 2.7, Python 3.7, Python 3.8, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38380> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com