> Aha, I wasn't certain we were allowed to mark it public yet. I don't want > to upset anyone needlessly, but it would be easier to discuss the bug in > public.
I've just turned https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 public > (Especially since it appears to be 'just' out-of-bound reads. This > can of course be surprising and have non-obvious consequences, but it > doesn't immediately lead to e.g. remote code execution.) > > Does this issue sound like it should receive a CVE to ensure other > consumers of sqlite3 discover it? I'm happy to do the paperwork if so. Probably a good idea. Will make their own fuzzing efforts easier at least :-) Thanks -- Spatialys - Geospatial professional services http://www.spatialys.com _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users