Subject: CVS commit: pkgsrc/databases/ruby-sqlite3
From: Takahiro Kambe
Date: 2022-10-06 16:19:01
Message id: 20221006141901.9BACFFA90@cvs.NetBSD.org

Log Message:
databases/ruby-sqlite3: update to 1.5.2

1.5.2 (2022-10-01)

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla
"ruby" platform gem package, so that users will not require network access
at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the
vanilla "ruby" platform gem, resulting in downloading the intended tarball
over the network at installation time (or, if the network was not available,
failure to install).  Note that the precompiled native gems were not
affected by this issue. [#352]

1.5.1 (2022-09-29)

Dependencies

* Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a
security release.  From the release notes:

	 Version 3.39.4 is a minimal patch against the prior release that
	 addresses issues found since the prior release.  In particular, a
	 potential vulnerability in the FTS3 extension has been fixed, so
	 this should be considered a security update.

	 In order to exploit the vulnerability, an attacker must have full
	 SQL access and must be able to construct a corrupt database with
	 over 2GB of FTS3 content.  The problem arises from a 32-bit signed
	 integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

Files:
Revision  Action  file
1.57      modify  pkgsrc/databases/ruby-sqlite3/Makefile
1.20      modify  pkgsrc/databases/ruby-sqlite3/PLIST
1.27      modify  pkgsrc/databases/ruby-sqlite3/distinfo