-
sqlite3 (3.29.0-2ubuntu0.3) eoan-security; urgency=medium
* SECURITY UPDATE: crash via SELECT statements with a nonexistent VIEW
- debian/patches/CVE-2019-19603-pre1.patch: break out the test for
writable shadow tables into a separate subroutine in src/alter.c,
src/build.c, src/delete.c, src/sqliteInt.h.
- debian/patches/CVE-2019-19603.patch: do not allow CREATE TABLE or
CREATE VIEW of an object with a name that looks like a shadow table
name in src/build.c, src/sqliteInt.h, test/altertab.test.
- CVE-2019-19603
* SECURITY UPDATE: infinite recursion via certain views
- debian/patches/CVE-2019-19645.patch: avoid infinite recursion in the
ALTER TABLE code when a view contains an unused CTE that references,
directly or indirectly, the view itself in src/alter.c,
src/build.c, src/sqliteInt.h, test/altertab3.test.
- CVE-2019-19645
* SECURITY UPDATE: DoS via malformed window-function query
- debian/patches/CVE-2020-11655-1.patch: remove two incorrect assert()
statements in src/select.c, test/colname.test.
- debian/patches/CVE-2020-11655-2.patch: in the event of error,
early-out in src/select.c, test/window1.test.
- debian/patches/CVE-2020-11655-3.patch: do not suppress errors when
resolving references in src/resolve.c, test/altertab.test.
- CVE-2020-11655
* SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
- debian/patches/CVE-2020-13434.patch: limit the "precision" of
floating-point to text conversions in src/printf.c, test/printf.test.
- CVE-2020-13434
* SECURITY UPDATE: segmentation fault in sqlite3ExprCodeTarget
- debian/patches/CVE-2020-13435-pre1.patch: move some utility Walker
callbacks in src/expr.c, src/select.c, src/sqliteInt.h,
src/walker.c.
- debian/patches/CVE-2020-13435-1.patch: be sure to adjust the Expr.op2
field appropriately in src/resolve.c, src/window.c,
test/window1.test.
- debian/patches/CVE-2020-13435-2.patch: add defensive code in
src/expr.c.
- CVE-2020-13435
* SECURITY UPDATE: use-after-free in fts3EvalNextRow
- debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
test/fts3snippet.test.
- CVE-2020-13630
* SECURITY UPDATE: virtual table rename issue
- debian/patches/CVE-2020-13631.patch: do not allow a virtual table to
be renamed into the name of one of its shadows in src/alter.c,
src/build.c, src/sqliteInt.h.
- CVE-2020-13631
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-13632.patch: fix issue in
ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
- CVE-2020-13632
-- Marc Deslauriers <email address hidden> Mon, 08 Jun 2020 09:56:28 -0400
-
sqlite3 (3.29.0-2ubuntu0.2) eoan-security; urgency=medium
* SECURITY UPDATE: more shadow table corruption
- debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13734
- CVE-2019-13750
* SECURITY UPDATE: corrupt records in fts3
- debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
ext/fts3/fts3.c, test/fts4aa.test.
- debian/patches/CVE-2019-13751.patch: improve detection of corrupt
records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
- CVE-2019-13751
* SECURITY UPDATE: shadow table corruption
- debian/patches/CVE-2019-13752.patch: improved detection of corrupt
shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13752
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
ext/fts3/fts3_write.c.
- CVE-2019-13753
* SECURITY UPDATE: invalid pointer dereference
- debian/patches/CVE-2019-19880.patch: fully disable the constant value
to avoid an invalid pointer dereference in src/window.c.
- CVE-2019-19880
* SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue
- debian/patches/CVE-2019-19923.patch: continue to back away from the
LEFT JOIN optimization of check-in by disallowing query flattening if
the outer query is DISTINCT in src/select.c, test/join.test.
- CVE-2019-19923
* SECURITY UPDATE: certain parser-tree rewriting mishandling
- debian/patches/CVE-2019-19924.patch: properly handle errors in
src/expr.c, src/vdbeaux.c, src/window.c.
- CVE-2019-19924
* SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate
- debian/patches/CVE-2019-19925.patch: properly handle pathname in
ext/misc/zipfile.c, test/zipfile.test.
- CVE-2019-19925
* SECURITY UPDATE: multiSelect error handling issue
- debian/patches/CVE-2019-19926.patch: abort early due to prior errors
in src/select.c.
- CVE-2019-19926
* SECURITY UPDATE: embedded NULL filename mishandling
- debian/patches/CVE-2019-19959-1.patch: add test to test/zipfile.test.
- debian/patches/CVE-2019-19959-2.patch: handle filenames that contain
embedded zeros in ext/misc/zipfile.c.
- CVE-2019-19959
* SECURITY UPDATE: selectExpander stack unwinding issue
- debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
the Parse object is disabled following an error in src/select.c,
src/util.c, test/with3.test.
- debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
WITH stack in the Parse object following an error in src/select.c,
test/altertab3.test.
- CVE-2019-20218
* SECURITY UPDATE: NULL pointer deref via generated column optimizations
- debian/patches/CVE-2020-9327-1.patch: take care when checking the
table of a TK_COLUMN expression node in src/expr.c, src/sqliteInt.h,
src/whereexpr.c.
- debian/patches/CVE-2020-9327-2.patch: switch to better and smaller
solution in src/expr.c, src/sqliteInt.h, src/whereexpr.c.
- CVE-2020-9327
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2020 09:21:25 -0500
-
sqlite3 (3.29.0-2ubuntu0.1) eoan-security; urgency=medium
* SECURITY UPDATE: Mishandle pExpr
- debian/patches/CVE-2019-19242.patch: correctly handled
pExpr in src/expr.c.
- CVE-2019-19242
* SECURITY UPDATE: Denial of service (crash)
- debian/patches/CVE-2019-19244.patch: fix the crash
that happens if no check p->Win == 0 in src/select.c,
test1/window1.test.
- CVE-2019-19244
-- <email address hidden> (Leonidas S. Barbosa) Tue, 26 Nov 2019 15:43:50 -0300
-
sqlite3 (3.29.0-2) unstable; urgency=medium
* Backport upstream fix for division by zero in the query planner.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 15 Aug 2019 17:39:23 +0000
-
sqlite3 (3.29.0-1) unstable; urgency=medium
* New upstream release.
* Remove backported patches.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 11 Jul 2019 17:16:18 +0000
-
sqlite3 (3.27.2-3) unstable; urgency=high
* Backport security related patches:
- CVE-2019-8457: heap out-of-bound read in the rtreenode() function when
handling invalid rtree tables,
- prevent aliases of window functions expressions from being used as
arguments to aggregate or other window functions (probably fixing
CVE-2019-5018) (closes: #928770),
- enforce the SQLITE_LIMIT_COLUMN limit on virtual tables (probably
fixing most of CVE-2019-5827),
- use the 64-bit memory allocator interfaces in extensions, whenever
possible (probably additional fix for CVE-2019-5827).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 01 Jun 2019 15:38:52 +0000
-
sqlite3 (3.27.2-2) unstable; urgency=high
* Backport security related patches:
- use unsigned integers to count the number of pages in a freelist
during an integrity_check, to avoid any possibility of a signed integer
overflow,
- fix a crash that could occur if the RHS of an IN expression is a
correlated sub-query that refers to the outer query from within a
window frame definition only,
- ensure that ALTER TABLE commands open statement transactions,
- CVE-2019-9937: fix an fts5 problem with interleaving reads and writes
in a single transaction (closes: #925290),
- CVE-2019-9936: fix a buffer overread that could occur when running fts5
prefix queries inside a transaction (closes: #925289).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 19 Mar 2019 17:46:39 +0000
