[Buildroot] [PATCH 1/1] package/sqlcipher: security bump to version 4.3.0

Fabrice Fontaine fontaine.fabrice at gmail.com
Thu Feb 13 21:21:20 UTC 2020


Le jeu. 13 févr. 2020 à 22:06, Peter Korsgaard <peter at korsgaard.com> a écrit :
>
> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
>
>  > From https://www.zetetic.net/blog/2019/08/14/defcon-sqlite-attacks:
>  > "We strongly recommend that all applications upgrade to SQLCipher 4.2.0
>  > to take advantage of the latest security updates, especially if an
>  > application interacts with non-encrypted databases using SQLCipher."
>
>  > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
>
> Committed, thanks.
>
> What should we do for 2019.02.x (which uses 3.2.0)?
3.2.0 has been released in 2014 and is based on SQLite 3.8.6 which is
very old and subject to multiple CVEs so I would advise to bump from
3.2.0 to 4.3.0.
>
> --
> Bye, Peter Korsgaard
Best Regards,

Fabrice


More information about the buildroot mailing list