Message 354025 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ned.deily
Recipients	Big Stone, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware
Date	2019-10-05.22:35:11
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1570314911.9.0.370346092261.issue38380@roundup.psfhosted.org>
In-reply-to

Content
I verified it is exploitable via the sqlite3 module by adapting the test case from the SQLite ticket (https://www.sqlite.org/src/info/e4598ecbdd18bd82). But since it requires the exploiter to be able to specify raw SQL statements, it doesn't sound like it needs to be treated as a Python security issue. We should plan to to update to the latest SQLite but it doesn't need to be a release blocker.

I verified it is exploitable via the sqlite3 module by adapting the test case from the SQLite ticket (https://www.sqlite.org/src/info/e4598ecbdd18bd82).  But since it requires the exploiter to be able to specify raw SQL statements, it doesn't sound like it needs to be treated as a Python security issue.  We should plan to to update to the latest SQLite but it doesn't need to be a release blocker.

History
Date	User	Action	Args
2019-10-05 22:35:11	ned.deily	set	recipients: + ned.deily, paul.moore, ronaldoussoren, tim.golden, zach.ware, steve.dower, Big Stone
2019-10-05 22:35:11	ned.deily	set	messageid: <1570314911.9.0.370346092261.issue38380@roundup.psfhosted.org>
2019-10-05 22:35:11	ned.deily	link	issue38380 messages
2019-10-05 22:35:11	ned.deily	create