Hi, On Thu, May 16, 2019 at 11:57 AM Pirate Praveen <prav...@onenetbeyond.org> wrote: > On Fri, 10 May 2019 21:04:33 +0200 Salvatore Bonaccorso > <car...@debian.org> wrote: > > Source: sqlite3 > > The following vulnerability was published for sqlite3. > > CVE-2019-5018[0]: > > Window Function Remote Code Execution Vulnerability > Could this be that commit? I have not checked thoroughly only looked at > the commit message. > > "Prevent aliases of window functions expressions from being used as > arguments to aggregate or other window functions." > > https://sqlite.org/src/info/1e16d3e8fc60d39c Can be, but not sure. At least four sqlite 3.x issues reported recently and as I know, usually upstream is not informed about these. :-/
> > [1] https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777 Regards, Laszlo/GCS
