UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • LALR(1) Parser Generator for C or C++
  • SQLite 3 Tcl bindings
  • Command line interface for SQLite 3 (tools)
Latest version: 3.46.1-1ubuntu0.2
Release: oracular (24.10)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "sqlite3" in Oracular

Repository Area Version
base universe 3.46.1-1
base main 3.46.1-1
security main 3.46.1-1ubuntu0.2
updates main 3.46.1-1ubuntu0.2
updates universe 3.46.1-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: *DELETED* 2025-05-22 20:07:31 UTC
No changelog for deleted or moved packages.

Version: 3.46.1-1ubuntu0.2 2025-05-22 19:07:40 UTC

  sqlite3 (3.46.1-1ubuntu0.2) oracular-security; urgency=medium

  * SECURITY UPDATE: integer overflow through the concat function
    - debian/patches/CVE-2025-29087_3277.patch: add a typecast to avoid
      32-bit integer overflow in src/func.c.
    - CVE-2025-29087
    - CVE-2025-3277
  * SECURITY UPDATE: DoS via sqlite3_db_config arguments
    - debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
      interface against misuse in src/main.c, src/sqlite.h.in.
    - CVE-2025-29088

 -- Marc Deslauriers <email address hidden> Tue, 29 Apr 2025 11:36:22 -0400
CVE-2025-29087 In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffe
CVE-2025-3277 An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQL
CVE-2025-29088 In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash


About   -   Send Feedback to @ubuntu_updates