Author ned.deily
Recipients Big Stone, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware
Date 2019-10-05.22:35:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1570314911.9.0.370346092261.issue38380@roundup.psfhosted.org>
In-reply-to
Content
I verified it is exploitable via the sqlite3 module by adapting the test case from the SQLite ticket (https://www.sqlite.org/src/info/e4598ecbdd18bd82).  But since it requires the exploiter to be able to specify raw SQL statements, it doesn't sound like it needs to be treated as a Python security issue.  We should plan to to update to the latest SQLite but it doesn't need to be a release blocker.
History
Date User Action Args
2019-10-05 22:35:11ned.deilysetrecipients: + ned.deily, paul.moore, ronaldoussoren, tim.golden, zach.ware, steve.dower, Big Stone
2019-10-05 22:35:11ned.deilysetmessageid: <1570314911.9.0.370346092261.issue38380@roundup.psfhosted.org>
2019-10-05 22:35:11ned.deilylinkissue38380 messages
2019-10-05 22:35:11ned.deilycreate