[ubuntu/bionic-security] sqlite3 3.22.0-1ubuntu0.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jun 19 15:54:33 UTC 2019
sqlite3 (3.22.0-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-20346-and-CVE-2018-20506.patch:
add extra defenses against strategically corrupt databases
in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
test/permutations.test.
- CVE-2018-20346
- CVE-2018-20506
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20505.patch: remove assert
which fail due to a malformed PK and add check in
src/wherecode.c, test/rowvalue.test.
- CVE-2018-20505
* SECURITY UPDATE: heap out-of-bound read
- debian/patches/CVE-2019-8457.patch: enhance the
rtreenode() in ext/rtree/rtree.c.
- debian/patches/CVE-2019-8457-string-interface.patch:
add string interface in src/btree.c, src/build.c,
src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
src/vdbeaux.c, src/vdbetrace.c, src/wherecode.c.
- CVE-2019-8457
* security update: heap-buffer over-read
- debian/patches/cve-2019-9936.patch: add checks
in code in order to fix in ext/fts5/fts5_hash.c,
ext/fts5/test/fts5aa.test.
- CVE-2019-9936
* security update: NULL pointer dereference
- debian/patches/cve-2019-9937.patch: fix in
ext/fts5/fts5Int.h, ext/fts5/fts5_hash.c, ext/fts5/fts5_index.c,
ext/fts5/test/fts5aa.test.
- CVE-2019-9937
Date: 2019-06-17 14:44:21.568860+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/sqlite3/3.22.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list