SQLite Critical Vulnerability

  1. 6 weeks ago

    James H

    Dec 15 Pre-Release Testers, Xojo Pro Chesterfield, Michigan, USA

    FYI SQLite has a vulnerability. I came across this today article today. Sharing for visibility. Not clear at the moment if this exposes XOJO based apps, but the article does mention proof of concepts against Chromium.

    https://thehackernews.com/2018/12/sqlite-vulnerability.html?m=1

  2. Christian S

    Dec 15 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Well, Xojo Inc. will probably update to newer SQLite version soon for the next release.

    And if you need, I can soon rebuild a MBS Xojo SQL Plugin to user newer SQLite version.
    I think currently we have 3.25.2

  3. James H

    Dec 15 Pre-Release Testers, Xojo Pro Chesterfield, Michigan, USA
    Edited 6 weeks ago

    Hi Christian, it's probably not a bad idea to do that. They thankfully aren't sharing implementation details on this to allow everyone to upgrade but wouldn't be the first time something ends up in the wild in advance of wide adoption of the update given the wide adoption of the target.

  4. Christian S

    Dec 15 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Ah, I see 3.26 is available.
    So let's rebuild here :-)

  5. Christian S

    Dec 15 Pre-Release Testers, Xojo Pro, XDC Speakers Germany

    Turns out 3.26.0 is already in my SQL Plugin. :-)

  6. 5 weeks ago

    Tim S

    Dec 18 Canterbury, UK

    I don't think this issue has anything to do with SQLite, from what I'm seeing on the SQLite Users' Mailing List. And it would surprise me if it had. They'll be blaming sin() and cos() next.

or Sign Up to reply!