SQLite developers need to push the patch

SQLite has pushed out an update to fix a local tempfile bug, to address concerns that the bug could be exploitable beyond the merely local. The bug was found by KoreLogic and reported to the popular open source database project, before being published at Full Disclosure. The issue is that SQLite creates its tempfiles in a …

  1. Mark Simon

    Not Open Source

    “… popular open source database …”

    As far as I am aware, SQLite is not open-source, though it is in the public domain.

    Among other things, I would guess that has some effect on how bugs are handled.

    1. Anonymous Coward

      Re: Not Open Source

      How much more open do you want?

      The code starts

      /*
      ** 2005 February 15
      **
      ** The author disclaims copyright to this source code. In place of
      ** a legal notice, here is a blessing:
      **
      ** May you do good and not evil.
      ** May you find forgiveness for yourself and forgive others.
      ** May you share freely, never taking more than you give.
      **
      *************************************************************************
      */

    2. Doctor Syntax Silver badge

      Re: Not Open Source

      I think you're confusing open source with GPL.

    3. Anonymous Coward

      Re: Not Open Source

      Since you can't be arsed to look for yourself, here's the relevant page from the SQLite website,

      https://www.sqlite.org/copyright.html

      The first paragraph on that page states

      "All of the code and documentation in SQLite has been dedicated to the public domain by the authors. All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci. Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

      The previous paragraph applies to the deliverable code and documentation in SQLite - those parts of the SQLite library that you actually bundle and ship with a larger application. Some scripts used as part of the build process (for example the "configure" scripts generated by autoconf) might fall under other open-source licenses. Nothing from these build scripts ever reaches the final deliverable SQLite library, however, and so the licenses associated with those scripts should not be a factor in assessing your rights to copy and use the SQLite library.

      All of the deliverable code in SQLite has been written from scratch. No code has been taken from other projects or from the open internet. Every line of code can be traced back to its original author, and all of those authors have public domain dedications on file. So the SQLite code base is clean and is uncontaminated with licensed code from other projects."

      I'd be surprised if Dr Richard Hipp and his merry group of developers haven't got a fix out within 30 mins of being alerted to this. I genuinely mean 30 mins as well, the SQLite dev team are red hot on big fixes and support.

      Not seen anything on the mailing lists but I may not have been paying attention.

  2. Anonymous Coward

    What nonsense. Would you like a pointer to the download page for the source code??

    https://www.sqlite.org/download.html

    A google search for "sqlite source code" gives this as the first hit.

    Not to mention that sqlite is bundled with OSes with strong free software requirements (like Debian)

    1. energystar

      Some years ago was proposed as the new standard for local DB on W3C browsers.

      Don't remember how that ended, in the game of ['cloudy'] interests.

  3. energystar

    Rewrite SQLite on Rust...

    And formalize a Security Team...
