UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

Command line interface for SQLite 3
Latest version: 3.31.1-4ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.sqlite.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "sqlite3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "sqlite3" in Focal

Repository Area Version
base main 3.31.1-4
base universe 3.31.1-4
security main 3.31.1-4ubuntu0.4
security universe 3.31.1-4ubuntu0.4
updates universe 3.31.1-4ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.31.1-4ubuntu0.4 2022-09-15 19:07:18 UTC

  sqlite3 (3.31.1-4ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in INTERSEC query processing
    - debian/patches/CVE-2020-35525.patch: early-out on the INTERSECT query
      processing following an error in src/select.c.
    - CVE-2020-35525
  * SECURITY UPDATE: out of bounds access problem
    - debian/patches/CVE-2020-35527.patch: fix a problem with ALTER TABLE
      for views that have a nested FROM clause in src/select.c,
      test/altertab.test.
    - CVE-2020-35527
  * SECURITY UPDATE: unicode61 tokenizer nul character mishandling
    - debian/patches/CVE-2021-20223.patch: prevent fts5 tokenizer unicode61
      from considering '\0' to be a token characters, even if other
      characters of class "Cc" are in ext/fts5/fts5_unicode2.c,
      ext/fts5/test/fts5tok1.test.
    - CVE-2021-20223

 -- Marc Deslauriers <email address hidden> Wed, 14 Sep 2022 12:44:43 -0400
Source diff to previous version
CVE-2020-35525 In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
CVE-2020-35527 In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
CVE-2021-20223 An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-charact

Version: 3.31.1-4ubuntu0.3 2022-05-05 09:06:28 UTC

  sqlite3 (3.31.1-4ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in idxGetTableInfo
    - debian/patches/CVE-2021-36690.patch: perform validation
      over the column to ensure it has collating sequence in
      ext/expert/sqlite3expert.c
    - CVE-2021-36690

 -- David Fernandez Gonzalez <email address hidden> Thu, 28 Apr 2022 15:24:31 +0200
Source diff to previous version
CVE-2021-36690 ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there

Version: 3.31.1-4ubuntu0.2 2020-07-27 17:07:11 UTC

  sqlite3 (3.31.1-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: multiSelectOrderBy heap overflow
    - debian/patches/CVE-2020-15358.patch: fix defect in the
      query-flattener optimization in src/select.c, src/sqliteInt.h,
      test/selectA.test.
    - CVE-2020-15358

 -- Marc Deslauriers <email address hidden> Thu, 23 Jul 2020 13:36:13 -0400
Source diff to previous version
CVE-2020-15358 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transit

Version: 3.31.1-4ubuntu0.1 2020-06-10 16:07:00 UTC

  sqlite3 (3.31.1-4ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via malformed window-function query
    - debian/patches/CVE-2020-11655-2.patch: in the event of error,
      early-out in src/select.c, test/window1.test.
    - debian/patches/CVE-2020-11655-3.patch: do not suppress errors when
      resolving references in src/resolve.c, test/altertab.test.
    - CVE-2020-11655
  * SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
    - debian/patches/CVE-2020-13434.patch: limit the "precision" of
      floating-point to text conversions in src/printf.c, test/printf.test.
    - CVE-2020-13434
  * SECURITY UPDATE: segmentation fault in sqlite3ExprCodeTarget
    - debian/patches/CVE-2020-13435-pre1.patch: move some utility Walker
      callbacks in src/expr.c, src/select.c, src/sqliteInt.h,
      src/walker.c.
    - debian/patches/CVE-2020-13435-1.patch: be sure to adjust the Expr.op2
      field appropriately in src/resolve.c, src/window.c,
      test/window1.test.
    - debian/patches/CVE-2020-13435-2.patch: add defensive code in
      src/expr.c.
    - CVE-2020-13435
  * SECURITY UPDATE: use-after-free in fts3EvalNextRow
    - debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
      test/fts3snippet.test.
    - CVE-2020-13630
  * SECURITY UPDATE: virtual table rename issue
    - debian/patches/CVE-2020-13631.patch: do not allow a virtual table to
      be renamed into the name of one of its shadows in src/alter.c,
      src/build.c, src/sqliteInt.h.
    - CVE-2020-13631
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-13632.patch: fix issue in
      ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
    - CVE-2020-13632

 -- Marc Deslauriers <email address hidden> Mon, 08 Jun 2020 08:43:24 -0400
CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo ob
CVE-2020-13434 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13435 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.


About   -   Send Feedback to @ubuntu_updates