On 9 Jan 2020, at 12:18am, Ware, Ryan R <ryan.r.w...@intel.com> wrote:
> I see absolutely nothing on sqlite.org or in the mail list archive > specifically about these issues If someone reports a vulnerability here, it gets acknowledged here. But I don't think Tencent posts here. On 8 Jan 2020, at 10:27pm, Ware, Ryan R <ryan.r.w...@intel.com> wrote: > We've been following the Magellan 2.0 > (https://blade.tencent.com/magellan2/index_en.html) issues found by Tencent. From the page at that URL: " If you are using a software that is using SQLite as component (without the latest patch, which is 13 Dec 2019), and it supports external SQL queries. Or, you are using Chrome that is prior to 79.0.3945.79 with WebSQL enabled, you may be affected. " In other words, the problem reported was patched in SQLite on 2019/12/13, and patched in version 79.0.3945.79 of Chrome. > Does anyone here know if someone is working on updating the CPE info in these > 5 CVEs? You would need to ask someone who works on the CPE database. That's not us. However, from <https://nvd.nist.gov/vuln/detail/CVE-2019-13734> "Known Affected Software Configurations: Up to (excluding) 79.0.3945.79" In other words, the problem was fixed in Chrome 79.0.3945.79. That information was placed on the page on or before 2019/12/16. I'm not sure what more you expect them to do. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users