Package "libsqlite3-0"

  sqlite3 (3.31.1-4ubuntu0.7) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via sqlite3_db_config arguments
    - debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
      interface against misuse in src/main.c, src/sqlite.h.in.
    - CVE-2025-29088

 -- Marc Deslauriers <email address hidden> Tue, 29 Apr 2025 13:16:28 -0400

  sqlite3 (3.31.1-4ubuntu0.6) focal-security; urgency=medium

  * SECURITY UPDATE: heap overflow in sessionReadRecord
    - debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
      sessions extension that could occur when processing a corrupt
      changeset in ext/session/sqlite3session.c.
    - CVE-2023-7104

 -- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 10:07:14 -0500

  sqlite3 (3.31.1-4ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: array-bounds overflow via large string argument
    - debian/patches/CVE-2022-35737.patch: increase the size of loop
      variables in src/printf.c.
    - CVE-2022-35737

 -- Marc Deslauriers <email address hidden> Fri, 04 Nov 2022 09:12:40 -0400

  sqlite3 (3.31.1-4ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in INTERSEC query processing
    - debian/patches/CVE-2020-35525.patch: early-out on the INTERSECT query
      processing following an error in src/select.c.
    - CVE-2020-35525
  * SECURITY UPDATE: out of bounds access problem
    - debian/patches/CVE-2020-35527.patch: fix a problem with ALTER TABLE
      for views that have a nested FROM clause in src/select.c,
      test/altertab.test.
    - CVE-2020-35527
  * SECURITY UPDATE: unicode61 tokenizer nul character mishandling
    - debian/patches/CVE-2021-20223.patch: prevent fts5 tokenizer unicode61
      from considering '\0' to be a token characters, even if other
      characters of class "Cc" are in ext/fts5/fts5_unicode2.c,
      ext/fts5/test/fts5tok1.test.
    - CVE-2021-20223

 -- Marc Deslauriers <email address hidden> Wed, 14 Sep 2022 12:44:43 -0400

  sqlite3 (3.31.1-4ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in idxGetTableInfo
    - debian/patches/CVE-2021-36690.patch: perform validation
      over the column to ensure it has collating sequence in
      ext/expert/sqlite3expert.c
    - CVE-2021-36690

 -- David Fernandez Gonzalez <email address hidden> Thu, 28 Apr 2022 15:24:31 +0200