[ubuntu/xenial-security] sqlite3 3.11.0-1ubuntu1.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Mar 10 12:46:56 UTC 2020
sqlite3 (3.11.0-1ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: more shadow table corruption
- debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13734
- CVE-2019-13750
* SECURITY UPDATE: corrupt records in fts3
- debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
ext/fts3/fts3.c, test/fts4aa.test.
- debian/patches/CVE-2019-13751.patch: improve detection of corrupt
records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
- CVE-2019-13751
* SECURITY UPDATE: shadow table corruption
- debian/patches/CVE-2019-13752.patch: improved detection of corrupt
shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13752
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
ext/fts3/fts3_write.c.
- CVE-2019-13753
* SECURITY UPDATE: multiSelect error handling issue
- debian/patches/CVE-2019-19926.patch: abort early due to prior errors
in src/select.c.
- CVE-2019-19926
* SECURITY UPDATE: selectExpander stack unwinding issue
- debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
the Parse object is disabled following an error in src/select.c,
src/util.c, test/with3.test.
- debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
WITH stack in the Parse object following an error in src/select.c,
test/altertab3.test.
- CVE-2019-20218
Date: 2020-03-03 15:28:31.413149+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/sqlite3/3.11.0-1ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list