Change logs for sqlite3 source package in Focal

  • sqlite3 (3.31.1-4ubuntu0.6) focal-security; urgency=medium
    
      * SECURITY UPDATE: heap overflow in sessionReadRecord
        - debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
          sessions extension that could occur when processing a corrupt
          changeset in ext/session/sqlite3session.c.
        - CVE-2023-7104
    
     -- Marc Deslauriers <email address hidden>  Tue, 02 Jan 2024 10:07:14 -0500
  • sqlite3 (3.31.1-4ubuntu0.5) focal-security; urgency=medium
    
      * SECURITY UPDATE: array-bounds overflow via large string argument
        - debian/patches/CVE-2022-35737.patch: increase the size of loop
          variables in src/printf.c.
        - CVE-2022-35737
    
     -- Marc Deslauriers <email address hidden>  Fri, 04 Nov 2022 09:12:40 -0400
  • sqlite3 (3.31.1-4ubuntu0.4) focal-security; urgency=medium
    
      * SECURITY UPDATE: null pointer dereference in INTERSECT query processing
        - debian/patches/CVE-2020-35525.patch: early-out on the INTERSECT query
          processing following an error in src/select.c.
        - CVE-2020-35525
      * SECURITY UPDATE: out of bounds access problem
        - debian/patches/CVE-2020-35527.patch: fix a problem with ALTER TABLE
          for views that have a nested FROM clause in src/select.c,
          test/altertab.test.
        - CVE-2020-35527
      * SECURITY UPDATE: unicode61 tokenizer nul character mishandling
        - debian/patches/CVE-2021-20223.patch: prevent fts5 tokenizer unicode61
          from considering '\0' to be a token character, even if other
          characters of class "Cc" are, in ext/fts5/fts5_unicode2.c,
          ext/fts5/test/fts5tok1.test.
        - CVE-2021-20223
    
     -- Marc Deslauriers <email address hidden>  Wed, 14 Sep 2022 12:44:43 -0400
  • sqlite3 (3.31.1-4ubuntu0.3) focal-security; urgency=medium
    
      * SECURITY UPDATE: segmentation fault in idxGetTableInfo
        - debian/patches/CVE-2021-36690.patch: perform validation
          over the column to ensure it has collating sequence in
          ext/expert/sqlite3expert.c
        - CVE-2021-36690
    
     -- David Fernandez Gonzalez <email address hidden>  Thu, 28 Apr 2022 15:24:31 +0200
  • sqlite3 (3.31.1-4ubuntu0.2) focal-security; urgency=medium
    
      * SECURITY UPDATE: multiSelectOrderBy heap overflow
        - debian/patches/CVE-2020-15358.patch: fix defect in the
          query-flattener optimization in src/select.c, src/sqliteInt.h,
          test/selectA.test.
        - CVE-2020-15358
    
     -- Marc Deslauriers <email address hidden>  Thu, 23 Jul 2020 13:36:13 -0400
  • sqlite3 (3.31.1-4ubuntu0.1) focal-security; urgency=medium
    
      * SECURITY UPDATE: DoS via malformed window-function query
        - debian/patches/CVE-2020-11655-2.patch: in the event of error,
          early-out in src/select.c, test/window1.test.
        - debian/patches/CVE-2020-11655-3.patch: do not suppress errors when
          resolving references in src/resolve.c, test/altertab.test.
        - CVE-2020-11655
      * SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
        - debian/patches/CVE-2020-13434.patch: limit the "precision" of
          floating-point to text conversions in src/printf.c, test/printf.test.
        - CVE-2020-13434
      * SECURITY UPDATE: segmentation fault in sqlite3ExprCodeTarget
        - debian/patches/CVE-2020-13435-pre1.patch: move some utility Walker
          callbacks in src/expr.c, src/select.c, src/sqliteInt.h,
          src/walker.c.
        - debian/patches/CVE-2020-13435-1.patch: be sure to adjust the Expr.op2
          field appropriately in src/resolve.c, src/window.c,
          test/window1.test.
        - debian/patches/CVE-2020-13435-2.patch: add defensive code in
          src/expr.c.
        - CVE-2020-13435
      * SECURITY UPDATE: use-after-free in fts3EvalNextRow
        - debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
          test/fts3snippet.test.
        - CVE-2020-13630
      * SECURITY UPDATE: virtual table rename issue
        - debian/patches/CVE-2020-13631.patch: do not allow a virtual table to
          be renamed into the name of one of its shadows in src/alter.c,
          src/build.c, src/sqliteInt.h.
        - CVE-2020-13631
      * SECURITY UPDATE: NULL pointer dereference
        - debian/patches/CVE-2020-13632.patch: fix issue in
          ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
        - CVE-2020-13632
    
     -- Marc Deslauriers <email address hidden>  Mon, 08 Jun 2020 08:43:24 -0400
  • sqlite3 (3.31.1-4) unstable; urgency=medium
    
      * Backport upstream fix for problems in the constant propagation
        optimization.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 05 Mar 2020 19:05:04 +0000
  • sqlite3 (3.31.1-3) unstable; urgency=high
    
      * Backport upstream security fixes for CVE-2020-9327: segmentation fault in
        isAuxiliaryVtabOperator() (closes: #951835).
    
      [ Kari Pahula <email address hidden> ]
      * Provide sqldiff.1 manpage (closes: #861670).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 22 Feb 2020 10:43:26 +0000
  • sqlite3 (3.31.1-1ubuntu1) focal; urgency=medium
    
      * Cherrypick two patches from 3.31 branch to fix 3.31.1 regressions.
      * Cherrypick s390 regression patch from master, fixes segfaults on s390x.
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 07 Feb 2020 12:20:02 +0000
  • sqlite3 (3.31.1-1) unstable; urgency=medium
    
      * New upstream release.
      * Update libsqlite3-0 symbols.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 30 Jan 2020 23:34:30 +0000
  • sqlite3 (3.30.1-1ubuntu1) focal; urgency=medium
    
      * SECURITY UPDATE: Mishandle pExpr
        - debian/patches/CVE-2019-19242.patch: correctly handled
          pExpr in src/expr.c.
        - CVE-2019-19242
      * SECURITY UPDATE: Denial of service (crash)
        - debian/patches/CVE-2019-19244.patch: fix the crash
          that happens if no check p->Win == 0 in src/select.c,
          test1/window1.test.
        - CVE-2019-19244
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 03 Dec 2019 11:41:26 -0300
  • sqlite3 (3.30.1-1) unstable; urgency=medium
    
      * New upstream release.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 12 Oct 2019 20:49:33 +0000
  • sqlite3 (3.29.0-2) unstable; urgency=medium
    
      * Backport upstream fix for division by zero in the query planner.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 15 Aug 2019 17:39:23 +0000