Package: sqlite
Version: 2.8.17-2
Severity: grave
Tags: security

Hi,

A CVE was published for sqlite2:

CVE-2007-1888[0]:
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

I already have a fixed package ready, so I am going to 0-day NMU this package to fix this.

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.