UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • LALR(1) Parser Generator for C or C++
  • SQLite 3 Tcl bindings

Latest version: 3.22.0-1ubuntu0.7
Release: bionic (18.04)
Level: updates
Repository: universe

Links



Other versions of "sqlite3" in Bionic

Repository Area Version
base main 3.22.0-1
base universe 3.22.0-1
security universe 3.22.0-1ubuntu0.7
security main 3.22.0-1ubuntu0.7
updates main 3.22.0-1ubuntu0.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.22.0-1ubuntu0.2 2019-12-02 15:07:28 UTC

  sqlite3 (3.22.0-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Severe division by zero
    - debian/patches/CVE-2019-16168.patch: fix in
      src/analyze.c, src/where.c, test/analyzeC.test.
    - CVE-2019-16168
  * SECURITY UPDATE: Heap corruption exploit
    - debian/patches/CVE-2019-5827-*.patch: fix in
      ext/fts3*, ext/rtree/geopoly.c, src/build.c,
      src/expr.c, src/main.c, src/test_fs.c, src/util.c,
      src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
    - CVE-2019-5827

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Nov 2019 11:46:36 -0300

Source diff to previous version
CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat
CVE-2019-5827 Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a

Version: 3.22.0-1ubuntu0.1 2019-06-19 18:06:33 UTC

  sqlite3 (3.22.0-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-20346-and-CVE-2018-20506.patch:
      add extra defenses against strategically corrupt databases
      in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
      test/permutations.test.
    - CVE-2018-20346
    - CVE-2018-20506
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20505.patch: remove assert
      which fail due to a malformed PK and add check in
      src/wherecode.c, test/rowvalue.test.
    - CVE-2018-20505
  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - debian/patches/CVE-2019-8457-string-interface.patch:
      add string interface in src/btree.c, src/build.c,
      src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
      src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
      src/vdbeaux.c, src/vdbetrace.c, src/wherecode.c.
    - CVE-2019-8457
  * security update: heap-buffer over-read
    - debian/patches/cve-2019-9936.patch: add checks
      in code in order to fix in ext/fts5/fts5_hash.c,
      ext/fts5/test/fts5aa.test.
    - CVE-2019-9936
  * security update: NULL pointer dereference
    - debian/patches/cve-2019-9937.patch: fix in
      ext/fts5/fts5Int.h, ext/fts5/fts5_hash.c, ext/fts5/fts5_index.c,
      ext/fts5/test/fts5aa.test.
    - CVE-2019-9937

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 14 Jun 2019 15:02:21 -0300

CVE-2018-20346 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur
CVE-2018-20506 SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge
CVE-2018-20505 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash)
CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE-2019-9936 In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, whi
CVE-2019-9937 In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5Chu



About   -   Send Feedback to @ubuntu_updates