SQLite and Chromium 70.x


#1

@gdgsupport Do you think this bug is worth reconsidering using sqlite with EXEOut?

Not trying to be a scare mogul, only asking your opinion as we use sqlite in in some school related projects. Need your professional opinion:)


#2

The worst that my maintenance ended =(
@gdgsupport will this fix be free or only for those who have active maintenance?

Tencent researchers notified those responsible for SQLite months ago and a fix was released on December 1 with the release of SQLite 3.26.0. Google Chrome 71 also brings the fix.

Just wait for an update.
Wait dev updating.


#3

ExeOutput 2019 will include the CEF update based on Chromium 71. As usual, it will only be accessible if your maintenance is active. We hope to have a release some days after Christmas.


#4

Maybe I should rephrase my question: Do you think there is a danger using compiled exe with this bug?

Seems like lot less risk since using in a closed environment. Have some sqlite databases is Data folders and need some professional advice:)


#5

Silence is a scary thing. Since I cannot get firm answer I have sent out notices to all school districts advising them to refrain from using my apps since unknown update. Very sad…


#6

It’s wiser. If you have external SQlite databases, someone could replace one of your files by a specially crafted database to use the exploit. But this supposes someone who has write access to the folder with your database. This is difficult for instance for an attacker not physically present. We modified our schedule so that ExeOutput 2019 gets the priority for release with that fix.


#7

Not rushing you to release a new version… Only asking if you guys have a time frame when can expect new version. Got some software on hold that people will want to use when school starts backup next week.


#8

If everything goes fine, the new version will be out on Monday or Tuesday.