SUSE has issued an advisory today (October 19): https://lists.suse.com/pipermail/sle-security-updates/2022-October/012573.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
The advisory is for Suse itself, also the patches (which I could not find); their bug https://bugzilla.suse.com/1195773 Assigning this globally as 'tcl' has had various maintainers.
Assignee: bugsquad => pkg-bugs
I just checked code in both pkgs for mga8 and Cauldron and neither of them uses a bundled copy of sqlite3, they haven't a folder called "./pkgs/sqlite3/". We can close this bug as INVALID!
CC: (none) => geiger.david68210
Are you sure? The TCL and libtcl packages don't have libsqlite3 as a dependency.
Yes completely sure. I don't found any "sqlite3" related code in the source. Opensuse says: - Remove the SQLite extension and package it as a subpackage of sqlite3 to have only a single copy and keep it more up to date (bsc#1195773). And we have also a sqlite3-tcl sub-pkg provided directly with our sqlite3 src.rpm.
Thanks!
Status: NEW => RESOLVEDResolution: (none) => INVALID