UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

Command line interface for SQLite 3

Latest version: 3.27.2-2ubuntu0.2
Release: disco (19.04)
Level: updates
Repository: main
Homepage: https://www.sqlite.org/

Links

Save this URL for the latest version of "sqlite3": https://www.ubuntuupdates.org/sqlite3



Other versions of "sqlite3" in Disco

Repository  Area      Version
base        universe  3.27.2-2
base        main      3.27.2-2
security    main      3.27.2-2ubuntu0.2
security    universe  3.27.2-2ubuntu0.2
updates     universe  3.27.2-2ubuntu0.2


Changelog

Version: 3.27.2-2ubuntu0.2 2019-12-02 15:07:29 UTC

  sqlite3 (3.27.2-2ubuntu0.2) disco-security; urgency=medium

  * SECURITY UPDATE: Severe division by zero
    - debian/patches/CVE-2019-16168.patch: fix in
      src/analyze.c, src/where.c, test/analyzeC.test.
    - CVE-2019-16168
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5018.patch: fix in
      src/resolve.c, src/sqliteInt.h.
    - CVE-2019-5018
  * SECURITY UPDATE: Heap corruption exploit
    - debian/patches/CVE-2019-5827-*.patch: fix in
      ext/fts3*, ext/rtree/geopoly.c, src/build.c,
      src/expr.c, src/main.c, src/test_fs.c, src/util.c,
      src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
    - CVE-2019-5827
  * SECURITY UPDATE: Mishandle pExpr
    - debian/patches/CVE-2019-19242.patch: correctly handled
      pExpr in src/expr.c.
    - CVE-2019-19242
  * SECURITY UPDATE: Denial of service (crash)
    - debian/patches/CVE-2019-19244.patch: fix the crash
      that happens if no check p->Win == 0 in src/select.c,
      test1/window1.test.
    - CVE-2019-19244

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 27 Nov 2019 11:40:05 -0300

CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat
CVE-2019-5018 An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause
CVE-2019-5827 Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a
CVE-2019-19242 SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...
CVE-2019-19244 sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usag

Version: 3.27.2-2ubuntu0.1 2019-06-19 18:06:37 UTC

  sqlite3 (3.27.2-2ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - CVE-2019-8457

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Jun 2019 11:28:02 -0300

CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.


