GNU bug report logs

#33751 SQLite "Magellan" vulnerability

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #19 received at 33751@debbugs.gnu.org (full text, mbox, reply):

Received: (at 33751) by debbugs.gnu.org; 18 Dec 2018 03:07:37 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 17 22:07:37 2018
Received: from localhost ([127.0.0.1]:52445 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1gZ5jN-0000TI-EQ
	for submit@debbugs.gnu.org; Mon, 17 Dec 2018 22:07:37 -0500
Received: from mail-pf1-f172.google.com ([209.85.210.172]:33316)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alexvong1995@gmail.com>) id 1gZ5jM-0000T6-4o
 for 33751@debbugs.gnu.org; Mon, 17 Dec 2018 22:07:36 -0500
Received: by mail-pf1-f172.google.com with SMTP id c123so7401134pfb.0
 for <33751@debbugs.gnu.org>; Mon, 17 Dec 2018 19:07:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=HlQgrC+a4bu4+fSc9rIOOdIlFvAese4IeXbOIk+5zXs=;
 b=kB2Ai4XKUDz1fTBDWh+/UZHb5XCp7iIF9wxt9rlm8PcfgylxkXrWblVW/1nGB+Rmav
 M9+/MNE/BkD9/8SwCnJ9rL/flKq3PLjtF8Ja4oOLySX1pP+CrG3VnWXJMI0HBktINfI7
 a9rnV73xT42DSat0GbYQJgAmKGCIfZFGp8VbUUnx6tMw8F9QR5YetYEm/3bYsgSUgHw6
 hEm7BCLh3LvAeNWNxH8x+FreFPrD01nyc1MD0sYVZa+X4A/GylpJPvFXF7iV/mvK8r4e
 XiIslHjrrETPCYMYkv32YtfQW6UKxzYCgqvMXcIRbt1xLCpaoBiT9JuieM7IgpTCIjRv
 9qPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:cc:subject:references:date
 :in-reply-to:message-id:user-agent:mime-version;
 bh=HlQgrC+a4bu4+fSc9rIOOdIlFvAese4IeXbOIk+5zXs=;
 b=D294hUzXAbtRezgGXPqNe3E5d6h/pakQhu1BwIpO6ukXPE4spZ0kLRadUP8BI+rqCu
 1AfXhvzyB4Msb90/PgTyZYFvk1HmOtmtPaWzHSCmk21ZYHguQsX3+ygHBhSwmuRpsTEr
 /XfmDI08nGJr6f9kcn44BhrvkkGnsIfpukm1s/0AcT19lIi+uQ3sHA5wbGBqqFQnkCWA
 m2NFq3UMnxop/yFybav28DVRwdIZ8IGykLxVKbHO5sJT61gTB+imB9E8qoaTZdauJAUm
 1bb0c/xE2rZCtQ7KKsaf1A4ynjR691hLckq3oZc/ksIiCthciEJpk14HdGVwqWl3TzIf
 ekKQ==
X-Gm-Message-State: AA+aEWa9AlD57wUImw+cakVlVG67TslmUnU33M1Ry6I4pPfZUHSj71Sz
 5vDn+SKfs6qH9CJ4RVRAwUw=
X-Google-Smtp-Source: AFSGD/XbKlIf7InsATTqmlqgDwt9QCrgHuwHUQx+dBMYIRlVnpLoLSIPJKEt2vBofabLAg0Bdck/5w==
X-Received: by 2002:a63:441e:: with SMTP id r30mr1459465pga.128.1545102450423; 
 Mon, 17 Dec 2018 19:07:30 -0800 (PST)
Received: from debian (n058152177090.netvigator.com. [58.152.177.90])
 by smtp.gmail.com with ESMTPSA id f6sm19197667pfg.188.2018.12.17.19.07.28
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 17 Dec 2018 19:07:29 -0800 (PST)
From: Alex Vong <alexvong1995@gmail.com>
To: Mark H Weaver <mhw@netris.org>
Subject: Re: [SECURITY] Which packages bundle sqlite?
References: <871s6g2oqh.fsf@gmail.com> <87tvjc14po.fsf@gmail.com>
 <87y38ovut0.fsf@netris.org>
Date: Tue, 18 Dec 2018 11:07:24 +0800
In-Reply-To: <87y38ovut0.fsf@netris.org> (Mark H. Weaver's message of "Mon, 17
 Dec 2018 14:04:16 -0500")
Message-ID: <87bm5j1qj7.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: 33751
Cc: 33751@debbugs.gnu.org, alexvong1995@gmail.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.8 (/)

[Message part 1 (text/plain, inline)]
Hi Mark,

Mark H Weaver <mhw@netris.org> writes:

> Hi Alex,
>
> This issue is being tracked at <https://bugs.gnu.org/33751>,
> so it would be best to send followups regarding this issue to
> <33751@debbugs.gnu.org>.
>
Thanks for pointing me to the right place. I checked guix-patches but
not guix...

> Alex Vong <alexvong1995@gmail.com> writes:
>
>> I also want to know should we graft in this case since updating sqlite
>> would cause ~4000s rebuilts.
>
> Yes, it should be grafted.
>
>> Besides, how to deal with packages that
>> inherit sqlite when grafting?
>> (e.g. sqlite-with-fts5 and sqlite-with-column-metadata)
>
> These should be changed to use the 'package/inherit' macro.
>
I sent the patch to
<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=33783>.

> Thanks for working on it!
>
>       Mark

Cheers,
Alex

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 11:14:42 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.