Ubuntu
sqlite3 package

sqlite3 3.11.0-1ubuntu1.2 source package in Ubuntu

Changelog

sqlite3 (3.11.0-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2016-6153-*.patch: change temp direcotry
      search algorithm in src/os_unix.c.
    - CVE-2016-6153
  * SECURITY UPDATE: heap-base buffer over-read
    - debian/patches/CVE-2017-10989.patch: enhance RTree
      module  in ext/rtree/rtree.c and added test in
      ext/rtree/rtreeA.text.
    - CVE-2017-10989
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-13685.patch: adds checks in
      src/shell.c.
    - CVE-2017-13685
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-2518.patch: prevent a use-after-free
      in src/whereexpr.c.
    - CVE-2017-2518
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-2519.patch: increase the size of
      the reference count on table objects to 32bits in src/sqliteInt.h.
    - CVE-2017-2519
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-2520.patch: add a check for pVal in
      src/vdbemem.c
    - CVE-2017-2520
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-20346-and-CVE-2018-20506.patch:
      add extra defenses against strategically corrupt databases
      in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
      test/permutations.test.
    - CVE-2018-20346
    - CVE-2018-20506
  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - debian/patches/CVE-2019-8457-string-interface.patch:
      add string interface in src/btree.c, src/build.c,
      src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
      src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
      src/vdbeaux.c, src/vdbetrace.c, src/wherecode.c.
    - CVE-2019-8457
  * security update: heap-buffer over-read
    - debian/patches/cve-2019-9936.patch: add checks
      in code in order to fix in ext/fts5/fts5_hash.c,
      ext/fts5/test/fts5aa.test.
    - CVE-2019-9936
  * security update: NULL pointer dereference
    - debian/patches/cve-2019-9937.patch: fix in
      ext/fts5/fts5Int.h, ext/fts5/fts5_hash.c, ext/fts5/fts5_index.c,
      ext/fts5/test/fts5aa.test.
    - CVE-2019-9937

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 18 Jun 2019 09:42:23 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
sqlite3_3.11.0.orig-www.tar.xz 3.0 MiB 99843a91a1da29cf07269df49b37b0cd8a75035a88aacdb1186f94a9a217bab3
sqlite3_3.11.0.orig.tar.xz 4.9 MiB 79fb8800b8744337d5317270899a5a40612bb76f81517e131bf496c26b044490
sqlite3_3.11.0-1ubuntu1.2.debian.tar.xz 34.0 KiB 8756e8b38a41cad6c3fca5aeb286f28a8ceab68e193a9a2ca7b2049d43ee3237
sqlite3_3.11.0-1ubuntu1.2.dsc 2.5 KiB 4ff8c009cfc90745ed22805357a55f653b60c03e116d04227bbd8e444cb5ea94

View changes file

Binary packages built by this source

lemon: LALR(1) Parser Generator for C or C++

 Lemon is an LALR(1) parser generator for C or C++. It does the same
 job as bison and yacc. But lemon is not another bison or yacc
 clone. It uses a different grammar syntax which is designed to reduce
 the number of coding errors. Lemon also uses a more sophisticated
 parsing engine that is faster than yacc and bison and which is both
 reentrant and thread-safe. Furthermore, Lemon implements features
 that can be used to eliminate resource leaks, making is suitable for
 use in long-running programs such as graphical user interfaces or
 embedded controllers.

lemon-dbgsym: debug symbols for package lemon

 Lemon is an LALR(1) parser generator for C or C++. It does the same
 job as bison and yacc. But lemon is not another bison or yacc
 clone. It uses a different grammar syntax which is designed to reduce
 the number of coding errors. Lemon also uses a more sophisticated
 parsing engine that is faster than yacc and bison and which is both
 reentrant and thread-safe. Furthermore, Lemon implements features
 that can be used to eliminate resource leaks, making is suitable for
 use in long-running programs such as graphical user interfaces or
 embedded controllers.

libsqlite3-0: SQLite 3 shared library

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.

libsqlite3-0-dbg: SQLite 3 debugging symbols

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the debugging symbols for the libraries.

libsqlite3-0-dbgsym: debug symbols for package libsqlite3-0

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.

libsqlite3-dev: SQLite 3 development files

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the development files (headers, static libraries)

libsqlite3-dev-dbgsym: debug symbols for package libsqlite3-dev

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the development files (headers, static libraries)

libsqlite3-tcl: SQLite 3 Tcl bindings

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the Tcl bindings.

libsqlite3-tcl-dbgsym: debug symbols for package libsqlite3-tcl

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the Tcl bindings.

sqlite3: Command line interface for SQLite 3

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.

sqlite3-dbgsym: debug symbols for package sqlite3

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.

sqlite3-doc: SQLite 3 documentation

 SQLite is a C library that implements an SQL database engine.
 Programs that link with the SQLite library can have SQL database
 access without running a separate RDBMS process.
 .
 This package contains the documentation that is also available on
 the SQLite homepage.