aboutsummaryrefslogtreecommitdiff
path: root/package/sqlcipher/sqlcipher.mk
diff options
context:
space:
mode:
authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-12-10 23:08:53 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-12-14 15:44:02 +0100
commitf38893f8dd7c9fb13b14cf4fe471eb62d345c5f0 (patch)
tree1a4fcc30b11c7425d81779f4b7e25b4bb2dcea21 /package/sqlcipher/sqlcipher.mk
parentfe347897b81c546f82787fdc029bbc88c3731bad (diff)
downloadbuildroot-f38893f8dd7c9fb13b14cf4fe471eb62d345c5f0.tar.gz
buildroot-f38893f8dd7c9fb13b14cf4fe471eb62d345c5f0.tar.bz2
package/sqlcipher: security bump to version 4.4.2
Fix CVE-2020-27207: Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. https://www.zetetic.net/blog/2020/11/25/sqlcipher-442-release Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/sqlcipher/sqlcipher.mk')
-rw-r--r--package/sqlcipher/sqlcipher.mk2
1 files changed, 1 insertions, 1 deletions
diff --git a/package/sqlcipher/sqlcipher.mk b/package/sqlcipher/sqlcipher.mk
index 14290745aa..5a9a77c1ee 100644
--- a/package/sqlcipher/sqlcipher.mk
+++ b/package/sqlcipher/sqlcipher.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SQLCIPHER_VERSION = 4.3.0
+SQLCIPHER_VERSION = 4.4.2
SQLCIPHER_SITE = $(call github,sqlcipher,sqlcipher,v$(SQLCIPHER_VERSION))
SQLCIPHER_LICENSE = BSD-3-Clause
SQLCIPHER_LICENSE_FILES = LICENSE