[ubuntu/disco-security] sqlite3 3.27.2-2ubuntu0.2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Dec 2 12:52:12 UTC 2019

sqlite3 (3.27.2-2ubuntu0.2) disco-security; urgency=medium

  * SECURITY UPDATE: Severe division by zero
    - debian/patches/CVE-2019-16168.patch: fix in
      src/analyze.c, src/where.c, test/analyzeC.test.
    - CVE-2019-16168
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5018.patch: fix in
      src/resolve.c, src/sqliteInt.h.
    - CVE-2019-5018
  * SECURITY UPDATE: Heap corruption exploit
    - debian/patches/CVE-2019-5827-*.patch: fix in
      ext/fts3*, ext/rtree/geopoly.c, src/build.c,
      src/expr.c, src/main.c, src/test_fs.c, src/util.c,
      src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
    - CVE-2019-5827
  * SECURITY UPDATE: Mishandle pExpr
    - debian/patches/CVE-2019-19242.patch: correctly handled
      pExpr in src/expr.c.
    - CVE-2019-19242
  * SECURITY UPDATE: Denial of service (crash)
    - debian/patches/CVE-2019-19244.patch: fix the crash
      that happens if no check p->Win == 0 in src/select.c,
    - CVE-2019-19244

Date: 2019-11-28 18:51:14.950635+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list