Ubuntu
sqlite3 package

sqlite3 3.29.0-2ubuntu0.3 source package in Ubuntu

Changelog

sqlite3 (3.29.0-2ubuntu0.3) eoan-security; urgency=medium

  * SECURITY UPDATE: crash via SELECT statements with a nonexistent VIEW
    - debian/patches/CVE-2019-19603-pre1.patch: break out the test for
      writable shadow tables into a separate subroutine in src/alter.c,
      src/build.c, src/delete.c, src/sqliteInt.h.
    - debian/patches/CVE-2019-19603.patch: do not allow CREATE TABLE or
      CREATE VIEW of an object with a name that looks like a shadow table
      name in src/build.c, src/sqliteInt.h, test/altertab.test.
    - CVE-2019-19603
  * SECURITY UPDATE: infinite recursion via certain views
    - debian/patches/CVE-2019-19645.patch: avoid infinite recursion in the
      ALTER TABLE code when a view contains an unused CTE that references,
      directly or indirectly, the view itself in src/alter.c,
      src/build.c, src/sqliteInt.h, test/altertab3.test.
    - CVE-2019-19645
  * SECURITY UPDATE: DoS via malformed window-function query
    - debian/patches/CVE-2020-11655-1.patch: remove two incorrect assert()
      statements in src/select.c, test/colname.test.
    - debian/patches/CVE-2020-11655-2.patch: in the event of error,
      early-out in src/select.c, test/window1.test.
    - debian/patches/CVE-2020-11655-3.patch: do not suppress errors when
      resolving references in src/resolve.c, test/altertab.test.
    - CVE-2020-11655
  * SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
    - debian/patches/CVE-2020-13434.patch: limit the "precision" of
      floating-point to text conversions in src/printf.c, test/printf.test.
    - CVE-2020-13434
  * SECURITY UPDATE: segmentation fault in sqlite3ExprCodeTarget
    - debian/patches/CVE-2020-13435-pre1.patch: move some utility Walker
      callbacks in src/expr.c, src/select.c, src/sqliteInt.h,
      src/walker.c.
    - debian/patches/CVE-2020-13435-1.patch: be sure to adjust the Expr.op2
      field appropriately in src/resolve.c, src/window.c,
      test/window1.test.
    - debian/patches/CVE-2020-13435-2.patch: add defensive code in
      src/expr.c.
    - CVE-2020-13435
  * SECURITY UPDATE: use-after-free in fts3EvalNextRow
    - debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
      test/fts3snippet.test.
    - CVE-2020-13630
  * SECURITY UPDATE: virtual table rename issue
    - debian/patches/CVE-2020-13631.patch: do not allow a virtual table to
      be renamed into the name of one of its shadows in src/alter.c,
      src/build.c, src/sqliteInt.h.
    - CVE-2020-13631
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-13632.patch: fix issue in
      ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
    - CVE-2020-13632

 -- Marc Deslauriers <email address hidden>  Mon, 08 Jun 2020 09:56:28 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
sqlite3_3.29.0.orig-www.tar.xz 5.4 MiB 879d852db191f0a9ce0c65cc701e0a1eb6ed232eb112deb64c4288f17ded3a29
sqlite3_3.29.0.orig.tar.xz 6.7 MiB b0c904b6b04cd377f949e07561df6068614d1eb66a6abb99157750638f9e69c2
sqlite3_3.29.0-2ubuntu0.3.debian.tar.xz 39.3 KiB 1a6fd193ef954aa9f9c827d6598c99be5c293acae6d2bdb26dfe147a7e0aec24
sqlite3_3.29.0-2ubuntu0.3.dsc 2.5 KiB 2d583db830f03cf6e639009f262d4c73a8dacac288d6e503e29c922c7d47ead2

View changes file

Binary packages built by this source

lemon: No summary available for lemon in ubuntu eoan.

No description available for lemon in ubuntu eoan.

lemon-dbgsym: No summary available for lemon-dbgsym in ubuntu eoan.

No description available for lemon-dbgsym in ubuntu eoan.

libsqlite3-0: No summary available for libsqlite3-0 in ubuntu eoan.

No description available for libsqlite3-0 in ubuntu eoan.

libsqlite3-0-dbgsym: No summary available for libsqlite3-0-dbgsym in ubuntu eoan.

No description available for libsqlite3-0-dbgsym in ubuntu eoan.

libsqlite3-dev: No summary available for libsqlite3-dev in ubuntu eoan.

No description available for libsqlite3-dev in ubuntu eoan.

libsqlite3-tcl: No summary available for libsqlite3-tcl in ubuntu eoan.

No description available for libsqlite3-tcl in ubuntu eoan.

libsqlite3-tcl-dbgsym: No summary available for libsqlite3-tcl-dbgsym in ubuntu eoan.

No description available for libsqlite3-tcl-dbgsym in ubuntu eoan.

sqlite3: No summary available for sqlite3 in ubuntu eoan.

No description available for sqlite3 in ubuntu eoan.

sqlite3-dbgsym: No summary available for sqlite3-dbgsym in ubuntu eoan.

No description available for sqlite3-dbgsym in ubuntu eoan.

sqlite3-doc: No summary available for sqlite3-doc in ubuntu eoan.

No description available for sqlite3-doc in ubuntu eoan.