Message 331947 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Scott Stevens
Recipients	Scott Stevens, paul.moore, steve.dower, tim.golden, vstinner, zach.ware
Date	2018-12-17.07:07:24
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1545030445.3.0.788709270274.issue35360@psf.upfronthosting.co.za>
In-reply-to

Content
With the discovery of the SQLite "Magellan" bug, could the version be upgraded to 3.26 for all Python versions? As far as I know, the security case is restricted to where the user is allowing aribitrary SQL execution without arbitrary Python execution, but in that case I do believe remote code execution is possible. https://blade.tencent.com/magellan/index_en.html

With the discovery of the SQLite "Magellan" bug, could the version be  upgraded to 3.26 for all Python versions? As far as I know, the security case is restricted to where the user is allowing aribitrary SQL execution without arbitrary Python execution, but in that case I do believe remote code execution is possible.

https://blade.tencent.com/magellan/index_en.html

History
Date	User	Action	Args
2018-12-17 07:07:25	Scott Stevens	set	recipients: + Scott Stevens, paul.moore, vstinner, tim.golden, zach.ware, steve.dower
2018-12-17 07:07:25	Scott Stevens	set	messageid: <1545030445.3.0.788709270274.issue35360@psf.upfronthosting.co.za>
2018-12-17 07:07:25	Scott Stevens	link	issue35360 messages
2018-12-17 07:07:24	Scott Stevens	create