On 7/27/15, Reinhard Max <Reinhard at m4x.de> wrote: > Hi, > > as the maintainer of the SQLite RPMs on SUSE, I am currently faced > with a bug report concerning CVE-2015-3659[0]. > > From the CVE's description it looks to me like the bug was in Apple's > authorizer callback rather than SQLite's authorization mechanism, can > anyone confirm this? >
Your email was the first time we (the SQLite developers) have heard of this issue. We have no additional information. It sounds, as you say, like Apple's callback was misimplemented and that this is not a fault within SQLite. -- D. Richard Hipp drh at sqlite.org
