Details
- Bug
- Resolution: Done
- P1: Critical
- 5.14.1
- None
- 2c1b4e37b936f64d6b52e2bc10ff97184a714b9a (qt/qtbase/5.14.2), cf925913486f83d2556308d2f9e545a36abb6fa4 (qt/qtbase/5.12)
Description
Hello
There is a new vulnerability discovered in SQLite 3.31.1: CVE-2020-9327
https://nvd.nist.gov/vuln/detail/CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
Could you please share your plans for fixing it in Qt?
BR/Barbara Rosinska
For Gerrit Dashboard: QTBUG-82533

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 292349,2 | Fix CVE-2020-9327 in SQLite | 5.12 | qt/qtbase | MERGED | +2 | 0 |
| 292841,4 | Fix CVE-2020-9327 in SQLite | 5.14.2 | qt/qtbase | MERGED | +2 | 0 |