lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Apr 2015 14:32:11 -0700 From: jungle Boogie <jungleboogie0@...il.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>, bugtraq <bugtraq@...urityfocus.com> Subject: Re: [FD] several issues in SQLite (+ catching up on several other bugs) On 14 April 2015 at 11:33, Michal Zalewski <lcamtuf@...edump.cx> wrote: > Because of its versatility, SQLite sometimes finds use as the > mechanism behind SQL-style query APIs that are exposed between > privileged execution contexts and less-trusted code. One example of > this is the WebDB / WebSQL mechanism available in some browsers; in > this setting, vulnerabilities in the SQLite parser can open up the > platform to attacks. > > Anyway, long story short, I recently reported around 22 bugs in the > query parser, including the use of uninitialized memory when parsing > collation sequences: Richard and the team certainly have been busy bees: https://www.sqlite.org/src/timeline?n=152&y=ci&v=0&ym=2015-04&t=trunk And all commits by month: https://www.sqlite.org/src/reports?view=bymonth&type=ci -- ------- inum: 883510009027723 sip: jungleboogie@...2sip.info xmpp: jungle-boogie@....si _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists