UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

Command line interface for SQLite 3

Latest version: 3.31.1-4ubuntu0.6
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.sqlite.org/

Links


Download "sqlite3"


Other versions of "sqlite3" in Focal

Repository Area Version
base main 3.31.1-4
base universe 3.31.1-4
security main 3.31.1-4ubuntu0.6
security universe 3.31.1-4ubuntu0.6
updates universe 3.31.1-4ubuntu0.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.31.1-4ubuntu0.6 2024-01-03 21:07:20 UTC

  sqlite3 (3.31.1-4ubuntu0.6) focal-security; urgency=medium

  * SECURITY UPDATE: heap overflow in sessionReadRecord
    - debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
      sessions extension that could occur when processing a corrupt
      changeset in ext/session/sqlite3session.c.
    - CVE-2023-7104

 -- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 10:07:14 -0500

Source diff to previous version
CVE-2023-7104 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ex

Version: 3.31.1-4ubuntu0.5 2022-11-07 18:06:30 UTC

  sqlite3 (3.31.1-4ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: array-bounds overflow via large string argument
    - debian/patches/CVE-2022-35737.patch: increase the size of loop
      variables in src/printf.c.
    - CVE-2022-35737

 -- Marc Deslauriers <email address hidden> Fri, 04 Nov 2022 09:12:40 -0400

Source diff to previous version
CVE-2022-35737 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Version: 3.31.1-4ubuntu0.4 2022-09-15 19:07:18 UTC

  sqlite3 (3.31.1-4ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in INTERSEC query processing
    - debian/patches/CVE-2020-35525.patch: early-out on the INTERSECT query
      processing following an error in src/select.c.
    - CVE-2020-35525
  * SECURITY UPDATE: out of bounds access problem
    - debian/patches/CVE-2020-35527.patch: fix a problem with ALTER TABLE
      for views that have a nested FROM clause in src/select.c,
      test/altertab.test.
    - CVE-2020-35527
  * SECURITY UPDATE: unicode61 tokenizer nul character mishandling
    - debian/patches/CVE-2021-20223.patch: prevent fts5 tokenizer unicode61
      from considering '\0' to be a token characters, even if other
      characters of class "Cc" are in ext/fts5/fts5_unicode2.c,
      ext/fts5/test/fts5tok1.test.
    - CVE-2021-20223

 -- Marc Deslauriers <email address hidden> Wed, 14 Sep 2022 12:44:43 -0400

Source diff to previous version
CVE-2020-35525 In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
CVE-2020-35527 In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.
CVE-2021-20223 An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-charact

Version: 3.31.1-4ubuntu0.3 2022-05-05 09:06:28 UTC

  sqlite3 (3.31.1-4ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in idxGetTableInfo
    - debian/patches/CVE-2021-36690.patch: perform validation
      over the column to ensure it has collating sequence in
      ext/expert/sqlite3expert.c
    - CVE-2021-36690

 -- David Fernandez Gonzalez <email address hidden> Thu, 28 Apr 2022 15:24:31 +0200

Source diff to previous version
CVE-2021-36690 ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there

Version: 3.31.1-4ubuntu0.2 2020-07-27 17:07:11 UTC

  sqlite3 (3.31.1-4ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: multiSelectOrderBy heap overflow
    - debian/patches/CVE-2020-15358.patch: fix defect in the
      query-flattener optimization in src/select.c, src/sqliteInt.h,
      test/selectA.test.
    - CVE-2020-15358

 -- Marc Deslauriers <email address hidden> Thu, 23 Jul 2020 13:36:13 -0400

CVE-2020-15358 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transit



About   -   Send Feedback to @ubuntu_updates