Hi Moritz, Shani, On Mon, Aug 25, 2025 at 10:45 PM Moritz Mühlenhoff <[email protected]> wrote: > Am Sun, Jul 27, 2025 at 03:56:36PM +0300 schrieb Shani Yosef: > > Here is the patch 😅 > > > > On Sun, 27 Jul 2025 at 15:01, Shani Yosef <[email protected]> wrote: > > > I’m writing to suggest a patch for addressing *CVE-2025-6965* in the > > > Debian sqlite3 package. [...] > > > I’ve already backported the patch to *3.40.1-2+deb12u1* and confirmed > > > that it applies cleanly. > > Could you review and submit Shani's patch for the upcoming Bookworm point > release? Mostly it's fine, but I don't see this as a clean apply: patch -p1 --dry-run < CVE-2025-6965.patch checking file src/expr.c Hunk #2 succeeded at 6291 with fuzz 2. checking file src/sqliteInt.h
Working on it. Cheers, Laszlo/GCS
