-
sqlite3 (3.11.0-1ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
- debian/patches/CVE-2020-13434-pre1.patch: fix test/printf.test.
- debian/patches/CVE-2020-13434.patch: limit the "precision" of
floating-point to text conversions in src/printf.c, test/printf.test.
- CVE-2020-13434
* SECURITY UPDATE: use-after-free in fts3EvalNextRow
- debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
test/fts3snippet.test.
- CVE-2020-13630
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-13632.patch: fix issue in
ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
- CVE-2020-13632
-- Marc Deslauriers <email address hidden> Mon, 08 Jun 2020 13:17:03 -0400
-
sqlite3 (3.11.0-1ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: more shadow table corruption
- debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13734
- CVE-2019-13750
* SECURITY UPDATE: corrupt records in fts3
- debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
ext/fts3/fts3.c, test/fts4aa.test.
- debian/patches/CVE-2019-13751.patch: improve detection of corrupt
records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
- CVE-2019-13751
* SECURITY UPDATE: shadow table corruption
- debian/patches/CVE-2019-13752.patch: improved detection of corrupt
shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13752
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
ext/fts3/fts3_write.c.
- CVE-2019-13753
* SECURITY UPDATE: multiSelect error handling issue
- debian/patches/CVE-2019-19926.patch: abort early due to prior errors
in src/select.c.
- CVE-2019-19926
* SECURITY UPDATE: selectExpander stack unwinding issue
- debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
the Parse object is disabled following an error in src/select.c,
src/util.c, test/with3.test.
- debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
WITH stack in the Parse object following an error in src/select.c,
test/altertab3.test.
- CVE-2019-20218
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2020 09:46:28 -0500
-
sqlite3 (3.11.0-1ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: Severe division by zero
- debian/patches/CVE-2019-16168.patch: fix in
src/analyze.c, src/where.c, test/analyzeC.test.
- CVE-2019-16168
* SECURITY UPDATE: Heap corruption exploit
- debian/patches/CVE-2019-5827-*.patch: fix in
ext/fts3*, ext/rtree/geopoly.c, src/build.c,
src/expr.c, src/main.c, src/test_fs.c, src/util.c,
src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
- CVE-2019-5827
-- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Nov 2019 13:39:43 -0300
-
sqlite3 (3.11.0-1ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2016-6153-*.patch: change temp direcotry
search algorithm in src/os_unix.c.
- CVE-2016-6153
* SECURITY UPDATE: heap-base buffer over-read
- debian/patches/CVE-2017-10989.patch: enhance RTree
module in ext/rtree/rtree.c and added test in
ext/rtree/rtreeA.text.
- CVE-2017-10989
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-13685.patch: adds checks in
src/shell.c.
- CVE-2017-13685
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2518.patch: prevent a use-after-free
in src/whereexpr.c.
- CVE-2017-2518
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2519.patch: increase the size of
the reference count on table objects to 32bits in src/sqliteInt.h.
- CVE-2017-2519
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-2520.patch: add a check for pVal in
src/vdbemem.c
- CVE-2017-2520
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-20346-and-CVE-2018-20506.patch:
add extra defenses against strategically corrupt databases
in ext/fts3/fst3.c, ext/fts3/fts3_write.c, test/fts3corrupt4.test,
test/permutations.test.
- CVE-2018-20346
- CVE-2018-20506
* SECURITY UPDATE: heap out-of-bound read
- debian/patches/CVE-2019-8457.patch: enhance the
rtreenode() in ext/rtree/rtree.c.
- debian/patches/CVE-2019-8457-string-interface.patch:
add string interface in src/btree.c, src/build.c,
src/func.c, src/mutex.c, src/pragma.c, src/printf.c,
src/sqlite.h.in, src/sqliteInt.h, src/treeview.c,
src/vdbeaux.c, src/vdbetrace.c, src/wherecode.c.
- CVE-2019-8457
* security update: heap-buffer over-read
- debian/patches/cve-2019-9936.patch: add checks
in code in order to fix in ext/fts5/fts5_hash.c,
ext/fts5/test/fts5aa.test.
- CVE-2019-9936
* security update: NULL pointer dereference
- debian/patches/cve-2019-9937.patch: fix in
ext/fts5/fts5Int.h, ext/fts5/fts5_hash.c, ext/fts5/fts5_index.c,
ext/fts5/test/fts5aa.test.
- CVE-2019-9937
-- <email address hidden> (Leonidas S. Barbosa) Tue, 18 Jun 2019 09:42:23 -0300
-
sqlite3 (3.11.0-1ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Avoid segmentation fault while using a corrupted file.
- d/p/0001-Fix-a-parsing-issue-associated-with-a-corrupt-sqlite.patch:
Check if parser is busy before using it and raise an error if positive.
(LP: #1814869)
- d/p/0002-Better-error-message-text-when-the-schema-is-corrupt.patch:
Better message and additional checks.
- No CVE associated.
-- Paulo Flabiano Smorigo <email address hidden> Thu, 21 Feb 2019 16:35:05 +0100
-
sqlite3 (3.11.0-1ubuntu1) xenial; urgency=medium
* debian/rules: compile SQLite with SQLITE_ENABLE_FTS3_TOKENIZER to re-enable
the two-argument version of fts3_tokenizer() used by mediascanner2
(LP: #1546911)
-- Ćukasz 'sil2100' Zemczak <email address hidden> Fri, 19 Feb 2016 13:12:22 +0100
-
sqlite3 (3.11.0-1) unstable; urgency=low
* New upstream release.
* Compile with thread-safe option.
* Update squash-bad-deps patch.
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 17 Feb 2016 23:08:31 +0100
-
sqlite3 (3.10.2-1) unstable; urgency=low
* New upstream, bugfix release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 21 Jan 2016 01:21:10 +0100
-
sqlite3 (3.10.1-1) unstable; urgency=low
* New upstream, bugfix release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 14 Jan 2016 21:20:48 +0100
-
sqlite3 (3.10.0-1) unstable; urgency=low
* New upstream release.
* Update patch for cross compilation.
* Use SQLITE_LIKE_DOESNT_MATCH_BLOBS compile-time option.
* Add two new symbols to library.
* Build and install sqldiff (closes: #806575).
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 06 Jan 2016 21:15:46 +0100
-
sqlite3 (3.9.2-1) unstable; urgency=low
* New upstream release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 07 Nov 2015 19:54:52 +0100
-
sqlite3 (3.9.1-2) unstable; urgency=low
[ Helmut Grohne <email address hidden> ]
* Fix FTCBFS: Update 30-cross.patch to cover all lemon invocations
(closes: #802742).
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 23 Oct 2015 07:45:27 +0200
-
sqlite3 (3.8.11.1-1) unstable; urgency=low
* New upstream, bugfix release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 31 Jul 2015 15:21:25 +0000