RTree security issue


#1

Hello Guys,

There is security defect in SQLite (https://sqlite.org/src/info/66de6f4a), and it seems it’s used in SQLCipher Android library, does the security defect have impact on SQLCipher library, if it does, would we have fix and when?

Thanks,
Albert


#2

Hello @AlbertWangCa Thanks for getting in touch about SQLCipher. We are aware of this issue and the fix will be included in the next release of SQLCipher. We don’t have an exact date for it, but should be forthcoming soon.


#3

Thanks a lot for the quick reply.


#4

Hi Sjlombardo,

Is this issue addressed in version 3.5.9? and is there any link that we can track the status for the issue so we can pull the new version if it’s available.

Thanks,
Albert


#5

Hi @AlbertWangCa

SQLCipher 3.4.2 includes upstream SQLite 3.20.1. You can see below that the SQLite 3.20.1 release included commit 66de6f4a.

Please feel free to reach out to support@zetetic.net if you are a commercial license holder for an updated binary package. Thanks!