SQLite security bug

[kodemanic]

Came across this security advisory https://blade.tencent.com/magellan/index_en.html

Thought it may have an impact on Minetest's use of SQLite, especially for servers and mobile ports.

More at https://www.zdnet.com/google-amp/articl ... -browsers/

Fixed version of SQLite is v.3.26.0 https://www.sqlite.org/releaselog/3_26_0.html

I believe the mitigation is specifically this:

3. Added the SQLITE_DBCONFIG_DEFENSIVE option which disables the ability to create corrupt database files using ordinary SQL.

[sofar]

Came across this security advisory https://blade.tencent.com/magellan/index_en.html

Thought it may have an impact on Minetest's use of SQLite, especially for servers and mobile ports.

More at https://www.zdnet.com/google-amp/articl ... -browsers/

Fixed version of SQLite is v.3.26.0 https://www.sqlite.org/releaselog/3_26_0.html

I believe the mitigation is specifically this:

3. Added the SQLITE_DBCONFIG_DEFENSIVE option which disables the ability to create corrupt database files using ordinary SQL.

From what I've read, the issue is when you allow your application to accept direct SQL commands by a user to an sqlite file.

Minetest doesn't do this. The article confirms this and says, in the section of unaffected configurations that "- No external SQL request is accepted. " is not vulnerable.