[dunfell,v2] sqlite3: ignore CVE-2024-0232

Message ID	20240131225341.55648-1-peter.marko@siemens.com
State	Rejected
Delegated to:	Steve Sakoman
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.65.225, mailfrom: fm-256628-202401312254302e5beeebc688f2f503-vbwymm@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][dunfell][PATCH v2] sqlite3: ignore CVE-2024-0232 Date: Wed, 31 Jan 2024 23:53:41 +0100 Message-Id: <20240131225341.55648-1-peter.marko@siemens.com> In-Reply-To: <20240128165358.657852-1-peter.marko@siemens.com> References: <20240128165358.657852-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[dunfell,v2] sqlite3: ignore CVE-2024-0232 \| expand [dunfell,v2] sqlite3: ignore CVE-2024-0232

Message ID

20240131225341.55648-1-peter.marko@siemens.com

State

Rejected

Delegated to:

Steve Sakoman

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][dunfell][PATCH v2] sqlite3: ignore CVE-2024-0232
Date: Wed, 31 Jan 2024 23:53:41 +0100
Message-Id: <20240131225341.55648-1-peter.marko@siemens.com>
In-Reply-To: <20240128165358.657852-1-peter.marko@siemens.com>
References: <20240128165358.657852-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[dunfell,v2] sqlite3: ignore CVE-2024-0232 | expand

Commit Message

Peter Marko Jan. 31, 2024, 10:53 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE reports bug which was fixed in 3.43.2 by [1].
Code analysis shows that it is fixing caching issue
and this cache was introduced by [2].
This landed only in 3.43.0 so 3.31.1 is not affected.

[1] https://sqlite.org/src/info/5b09212ac05615fc
[2] https://sqlite.org/src/info/2dbb22c75e86f2e3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
index ef12ef0db2..b2d8f9f1dd 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -25,3 +25,5 @@  SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b5
 CVE_CHECK_WHITELIST += "CVE-2019-19242"
 # This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
 CVE_CHECK_WHITELIST += "CVE-2015-3717"
+# This was introduced in 3.43.0, 3.31.1 is not yet affected
+CVE_CHECK_WHITELIST += "CVE-2024-0232"

[dunfell,v2] sqlite3: ignore CVE-2024-0232

Commit Message

Patch