[Bug 1546911] Re: Please recompile sqlite 3.11 with -DSQLITE_ENABLE_FTS3_TOKENIZER
Tyler Hicks
tyhicks at canonical.com
Fri Feb 19 16:20:26 UTC 2016
I agree that applications shouldn't be running untrusted SQL/PHP. We can
enable the flag in our sqlite3 package for now but, as Łukasz mentioned,
I think it would be best if James could work with upstream to get a
proper tokenizer in place in the future.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sqlite3 in Ubuntu.
https://bugs.launchpad.net/bugs/1546911
Title:
Please recompile sqlite 3.11 with -DSQLITE_ENABLE_FTS3_TOKENIZER
Status in mediascanner2 package in Ubuntu:
Confirmed
Status in sqlite3 package in Ubuntu:
Confirmed
Bug description:
The recent upload of sqlite 3.11 to xenial-proposed has rendered
mediascanner2 non-functional. From the release notes, it seems the
ability to register new full text search tokenizers has been disabled
by default:
http://sqlite.org/releaselog/3_11_0.html
This means that mediascanner2 fails to open the index. We can't
switch to any of the built-in tokenizers because they don't handle CJK
text, so the only option seems to be to re-enable this functionality
despite it being a potential security vulnerability for apps that let
untrusted code run arbitrary SQL.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mediascanner2/+bug/1546911/+subscriptions
More information about the foundations-bugs
mailing list