Skip to content

sqlite version upgrade needed to fix BDBA high violation #2570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
amd-shiraz merged 1 commit into from
Dec 16, 2025
Merged

sqlite version upgrade needed to fix BDBA high violation #2570

amd-shiraz merged 1 commit into from
Dec 16, 2025

Conversation

@amd-shiraz
Copy link
Contributor

@amd-shiraz amd-shiraz commented Dec 16, 2025
edited
Loading

Motivation

Sqlite version 3.49 used by TheRock has a high severity BDBA violation http://protecode-sc.amd.com/#/vulnerabilities/BDSA-2025-11433

The fix for that violation is in sqlite version 3.50.4.

This PR addresses the issue

Technical Details

update sqlite from https://www.sqlite.org/2025/sqlite-amalgamation-3500400.zip

SHA256 verification steps:

certutil -hashfile sqlite-amalgamation-3500400.zip SHA256
SHA256 hash of sqlite-amalgamation-3500400.zip:
1d3049dd0f830a025a53105fc79fd2ab9431aea99e137809d064d8ee8356b032

Test Plan

CI tests runs for all arch types as part of PR checks

Test Result

CI tests passing for all arch types in PR

Submission Checklist

@amd-shiraz amd-shiraz marked this pull request as ready for review December 16, 2025 02:08
@amd-shiraz amd-shiraz changed the title @SWDEV-567300: sqlite version upgrade needed to fix BDBA high violation sqlite version upgrade needed to fix BDBA high violation Dec 16, 2025
@amd-shiraz amd-shiraz merged commit a4d1804 into ROCm:main Dec 16, 2025
119 of 123 checks passed
@github-project-automation github-project-automation bot moved this from TODO to Done in TheRock Triage Dec 16, 2025
benrichard-amd pushed a commit to benrichard-amd/TheRock that referenced this pull request Jan 5, 2026
@amd-shiraz @benrichard-amd
sqlite version upgrade needed to fix BDBA high violation (ROCm#2570)
e378245 
## Motivation

Sqlite version 3.49 used by TheRock has a high severity BDBA violation
http://protecode-sc.amd.com/#/vulnerabilities/BDSA-2025-11433

The fix for that violation is in sqlite version 3.50.4.

This PR addresses the issue

## Technical Details

update sqlite from
https://www.sqlite.org/2025/sqlite-amalgamation-3500400.zip

SHA256 verification steps:

certutil -hashfile sqlite-amalgamation-3500400.zip SHA256
SHA256 hash of sqlite-amalgamation-3500400.zip:
1d3049dd0f830a025a53105fc79fd2ab9431aea99e137809d064d8ee8356b032

## Test Plan

CI tests runs for all arch types as part of PR checks

## Test Result

CI tests passing for all arch types in PR

## Submission Checklist

- [X ] Look over the contributing guidelines at
https://github.com/ROCm/ROCm/blob/develop/CONTRIBUTING.md#pull-requests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stellaraccident stellaraccident stellaraccident approved these changes

@marbre marbre marbre approved these changes

@geomin12 geomin12 geomin12 approved these changes

@ScottTodd ScottTodd Awaiting requested review from ScottTodd

@jayhawk-commits jayhawk-commits Awaiting requested review from jayhawk-commits

Assignees

No one assigned

Labels

None yet

Projects

TheRock Triage
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@amd-shiraz @stellaraccident @marbre @geomin12