Dependabot alert: libsqlite3-sys via C SQLite improperly validates array index #124

Closed
josecelano opened this issue Apr 28, 2023 · 2 comments
Labels: Dependencies (Related to Dependencies), Security (Publicly Connected to Security)

Comments

josecelano (Member) commented Apr 28, 2023

GitHub Advisory Database: GHSA-jw36-hf63-69r9

$ cargo tree -i -p libsqlite3-sys
libsqlite3-sys v0.24.2
├── sqlx-core v0.6.3
│   └── sqlx-macros v0.6.3 (proc-macro)
│       └── sqlx v0.6.3
│           └── torrust-index-backend v2.0.0-dev.1 (/home/josecelano/Documents/git/committer/me/github/torrust/torrust-index-backend)
└── sqlx-core v0.6.3
    └── sqlx v0.6.3 (*)

The sqlx crate is using it.

It seems it has been fixed but not included in a new release yet: launchbadge/sqlx#2174

josecelano changed the title from "Dependabot alerts: libsqlite3-sys via C SQLite improperly validates array index" to "Dependabot alert: libsqlite3-sys via C SQLite improperly validates array index" on Apr 28, 2023
josecelano added the Security (Publicly Connected to Security) label on Apr 28, 2023
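The `cargo tree -i` output above answers the question every such alert raises: which crates in the build pull the flagged package in, and is the pinned version below the advisory's patched bound. The following is an added example, not code from the torrust project or from sqlx, that does the same reverse-dependency walk over a Cargo.lock offline, using a constructed lockfile fragment that mirrors the tree in the comment. The `PATCHED_VERSION` value is an assumption standing in for the bound given in GHSA-jw36-hf63-69r9; take the real bound from the advisory.

```python
"""Reverse-dependency walk over a Cargo.lock, in the spirit of `cargo tree -i`."""
import re
from collections import defaultdict

# Constructed Cargo.lock fragment mirroring the tree shown in the issue;
# this is not the project's real lockfile.
SAMPLE_LOCK = """
[[package]]
name = "libsqlite3-sys"
version = "0.24.2"

[[package]]
name = "sqlx-core"
version = "0.6.3"
dependencies = [
 "libsqlite3-sys",
]

[[package]]
name = "sqlx-macros"
version = "0.6.3"
dependencies = [
 "sqlx-core",
]

[[package]]
name = "sqlx"
version = "0.6.3"
dependencies = [
 "sqlx-core",
 "sqlx-macros",
]

[[package]]
name = "torrust-index-backend"
version = "2.0.0-dev.1"
dependencies = [
 "sqlx",
]
"""

# Assumed patched bound for the advisory (placeholder); read the real one
# from GHSA-jw36-hf63-69r9 before relying on this check.
PATCHED_VERSION = "0.26.0"


def parse_lock(text):
    """Return {name: (version, [dependency names])} from Cargo.lock text.

    Minimal parser for the [[package]] blocks; it does not cover every TOML
    feature, only the keys a lockfile actually uses.
    """
    packages = {}
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        version = re.search(r'^version = "([^"]+)"', block, re.M).group(1)
        deps = []
        m = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        if m:
            # Entries read "name" or "name version" when several versions coexist;
            # keep only the crate name.
            deps = [d.split()[0] for d in re.findall(r'"([^"]+)"', m.group(1))]
        packages[name] = (version, deps)
    return packages


def reverse_paths(packages, target):
    """Every chain from `target` up to a root crate (one nothing depends on)."""
    rdeps = defaultdict(list)
    for name, (_, deps) in packages.items():
        for dep in deps:
            rdeps[dep].append(name)

    paths = []

    def walk(node, path):
        parents = rdeps.get(node, [])
        if not parents:
            paths.append(path)
            return
        for parent in sorted(parents):
            if parent not in path:  # guard against dependency cycles
                walk(parent, path + [parent])

    walk(target, [target])
    return paths


def version_tuple(version):
    """Numeric core of a semver string; prerelease tags such as -dev.1 are ignored."""
    return tuple(int(part) for part in version.split("-")[0].split("."))


def affected(packages, target, patched_version):
    """True when the lockfile pins `target` below the patched version."""
    if target not in packages:
        return False
    return version_tuple(packages[target][0]) < version_tuple(patched_version)


if __name__ == "__main__":
    lock = parse_lock(SAMPLE_LOCK)
    for chain in reverse_paths(lock, "libsqlite3-sys"):
        print(" <- ".join(chain))
    print("affected:", affected(lock, "libsqlite3-sys", PATCHED_VERSION))
```

Run against a real lockfile by replacing `SAMPLE_LOCK` with the file contents; the output lists each path from the flagged crate to the workspace root, which is what you need to decide whether bumping a direct dependency (here sqlx) is enough or whether a transitive crate must be overridden.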
da2ce7 (Contributor) commented Jul 31, 2023

Should have been fixed in the 0.7 release: https://github.com/launchbadge/sqlx/releases/tag/v0.7.0

cgbosse moved this to BUG & Security in Torrust Solution on Jan 10, 2024
cgbosse added this to the v3.0.0 milestone on Jan 16, 2024
josecelano added the Dependencies (Related to Dependencies) label on Jan 16, 2024
josecelano (Member, Author) commented

Fixed via 272c384...c5f11a1

github-project-automation bot moved this from BUG & Security to Done in Torrust Solution on May 10, 2024