Ubuntu
sqlite3 package

sqlite3 3.29.0-2ubuntu0.2 source package in Ubuntu

Changelog

sqlite3 (3.29.0-2ubuntu0.2) eoan-security; urgency=medium

  * SECURITY UPDATE: more shadow table corruption
    - debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
      table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
      ext/fts3/fts3_write.c.
    - CVE-2019-13734
    - CVE-2019-13750
  * SECURITY UPDATE: corrupt records in fts3
    - debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
      recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
      ext/fts3/fts3.c, test/fts4aa.test.
    - debian/patches/CVE-2019-13751.patch: improve detection of corrupt
      records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
    - CVE-2019-13751
  * SECURITY UPDATE: shadow table corruption
    - debian/patches/CVE-2019-13752.patch: improved detection of corrupt
      shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
      ext/fts3/fts3_write.c.
    - CVE-2019-13752
  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
      ext/fts3/fts3_write.c.
    - CVE-2019-13753
  * SECURITY UPDATE: invalid pointer dereference
    - debian/patches/CVE-2019-19880.patch: fully disable the constant value
      to avoid an invalid pointer dereference in src/window.c.
    - CVE-2019-19880
  * SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue
    - debian/patches/CVE-2019-19923.patch: continue to back away from the
      LEFT JOIN optimization of check-in by disallowing query flattening if
      the outer query is DISTINCT in src/select.c, test/join.test.
    - CVE-2019-19923
  * SECURITY UPDATE: certain parser-tree rewriting mishandling
    - debian/patches/CVE-2019-19924.patch: properly handle errors in
      src/expr.c, src/vdbeaux.c, src/window.c.
    - CVE-2019-19924
  * SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate
    - debian/patches/CVE-2019-19925.patch: properly handle pathname in
      ext/misc/zipfile.c, test/zipfile.test.
    - CVE-2019-19925
  * SECURITY UPDATE: multiSelect error handling issue
    - debian/patches/CVE-2019-19926.patch: abort early due to prior errors
      in src/select.c.
    - CVE-2019-19926
  * SECURITY UPDATE: embedded NULL filename mishandling
    - debian/patches/CVE-2019-19959-1.patch: add test to test/zipfile.test.
    - debian/patches/CVE-2019-19959-2.patch: handle filenames that contain
      embedded zeros in ext/misc/zipfile.c.
    - CVE-2019-19959
  * SECURITY UPDATE: selectExpander stack unwinding issue
    - debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
      the Parse object is disabled following an error in src/select.c,
      src/util.c, test/with3.test.
    - debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
      WITH stack in the Parse object following an error in src/select.c,
      test/altertab3.test.
    - CVE-2019-20218
  * SECURITY UPDATE: NULL pointer deref via generated column optimizations
    - debian/patches/CVE-2020-9327-1.patch: take care when checking the
      table of a TK_COLUMN expression node in src/expr.c, src/sqliteInt.h,
      src/whereexpr.c.
    - debian/patches/CVE-2020-9327-2.patch: switch to better and smaller
      solution in src/expr.c, src/sqliteInt.h, src/whereexpr.c.
    - CVE-2020-9327

 -- Marc Deslauriers <email address hidden>  Tue, 03 Mar 2020 09:21:25 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
sqlite3_3.29.0.orig-www.tar.xz 5.4 MiB 879d852db191f0a9ce0c65cc701e0a1eb6ed232eb112deb64c4288f17ded3a29
sqlite3_3.29.0.orig.tar.xz 6.7 MiB b0c904b6b04cd377f949e07561df6068614d1eb66a6abb99157750638f9e69c2
sqlite3_3.29.0-2ubuntu0.2.debian.tar.xz 30.4 KiB 68e4e1b8ddbd84d0e4abea4507035d8ec9330ebcc4b1615543e4ac78bde0a73e
sqlite3_3.29.0-2ubuntu0.2.dsc 2.5 KiB 2e772824d9eae4903bbc34d3c49ccaf4c3790dc063c374b3ab54dedc4ffe8513

View changes file

Binary packages built by this source

lemon: No summary available for lemon in ubuntu eoan.

No description available for lemon in ubuntu eoan.

lemon-dbgsym: No summary available for lemon-dbgsym in ubuntu eoan.

No description available for lemon-dbgsym in ubuntu eoan.

libsqlite3-0: No summary available for libsqlite3-0 in ubuntu eoan.

No description available for libsqlite3-0 in ubuntu eoan.

libsqlite3-0-dbgsym: No summary available for libsqlite3-0-dbgsym in ubuntu eoan.

No description available for libsqlite3-0-dbgsym in ubuntu eoan.

libsqlite3-dev: No summary available for libsqlite3-dev in ubuntu eoan.

No description available for libsqlite3-dev in ubuntu eoan.

libsqlite3-tcl: No summary available for libsqlite3-tcl in ubuntu eoan.

No description available for libsqlite3-tcl in ubuntu eoan.

libsqlite3-tcl-dbgsym: No summary available for libsqlite3-tcl-dbgsym in ubuntu eoan.

No description available for libsqlite3-tcl-dbgsym in ubuntu eoan.

sqlite3: No summary available for sqlite3 in ubuntu eoan.

No description available for sqlite3 in ubuntu eoan.

sqlite3-dbgsym: No summary available for sqlite3-dbgsym in ubuntu eoan.

No description available for sqlite3-dbgsym in ubuntu eoan.

sqlite3-doc: No summary available for sqlite3-doc in ubuntu eoan.

No description available for sqlite3-doc in ubuntu eoan.