[Buildroot] [PATCH 1/1] package/sqlcipher: security bump to version 4.4.3

Peter Korsgaard peter at korsgaard.com
Tue Mar 30 06:19:31 UTC 2021

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-3119: Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer
 > dereferencing issue related to sqlcipher_export in crypto.c and
 > sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a
 > remote denial of service attack. For example, an SQL injection can be
 > used to execute the crafted SQL command sequence, which causes a
 > segmentation fault.

 > https://github.com/sqlcipher/sqlcipher/blob/v4.4.3/CHANGELOG.md

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list