Format: 1.8 Date: Tue, 03 Mar 2020 09:21:25 -0500 Source: sqlite3 Binary: lemon libsqlite3-0 libsqlite3-dev libsqlite3-tcl sqlite3 Architecture: ppc64el Version: 3.29.0-2ubuntu0.2 Distribution: eoan Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite 3 Tcl bindings sqlite3 - Command line interface for SQLite 3 Changes: sqlite3 (3.29.0-2ubuntu0.2) eoan-security; urgency=medium . * SECURITY UPDATE: more shadow table corruption - debian/patches/CVE-2019-13734_50.patch: more improvements to shadow table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h, ext/fts3/fts3_write.c. - CVE-2019-13734 - CVE-2019-13750 * SECURITY UPDATE: corrupt records in fts3 - debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite recursion in fts3SelectLeaf() due to a malformed FTS3 btree in ext/fts3/fts3.c, test/fts4aa.test. - debian/patches/CVE-2019-13751.patch: improve detection of corrupt records in ext/fts3/fts3.c, ext/fts3/fts3_write.c. - CVE-2019-13751 * SECURITY UPDATE: shadow table corruption - debian/patches/CVE-2019-13752.patch: improved detection of corrupt shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h, ext/fts3/fts3_write.c. - CVE-2019-13752 * SECURITY UPDATE: out of bounds read - debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in ext/fts3/fts3_write.c. - CVE-2019-13753 * SECURITY UPDATE: invalid pointer dereference - debian/patches/CVE-2019-19880.patch: fully disable the constant value to avoid an invalid pointer dereference in src/window.c. - CVE-2019-19880 * SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue - debian/patches/CVE-2019-19923.patch: continue to back away from the LEFT JOIN optimization of check-in by disallowing query flattening if the outer query is DISTINCT in src/select.c, test/join.test. - CVE-2019-19923 * SECURITY UPDATE: certain parser-tree rewriting mishandling - debian/patches/CVE-2019-19924.patch: properly handle errors in src/expr.c, src/vdbeaux.c, src/window.c. - CVE-2019-19924 * SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate - debian/patches/CVE-2019-19925.patch: properly handle pathname in ext/misc/zipfile.c, test/zipfile.test. - CVE-2019-19925 * SECURITY UPDATE: multiSelect error handling issue - debian/patches/CVE-2019-19926.patch: abort early due to prior errors in src/select.c. - CVE-2019-19926 * SECURITY UPDATE: embedded NULL filename mishandling - debian/patches/CVE-2019-19959-1.patch: add test to test/zipfile.test. - debian/patches/CVE-2019-19959-2.patch: handle filenames that contain embedded zeros in ext/misc/zipfile.c. - CVE-2019-19959 * SECURITY UPDATE: selectExpander stack unwinding issue - debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in the Parse object is disabled following an error in src/select.c, src/util.c, test/with3.test. - debian/patches/CVE-2019-20218.patch: do not attempt to unwind the WITH stack in the Parse object following an error in src/select.c, test/altertab3.test. - CVE-2019-20218 * SECURITY UPDATE: NULL pointer deref via generated column optimizations - debian/patches/CVE-2020-9327-1.patch: take care when checking the table of a TK_COLUMN expression node in src/expr.c, src/sqliteInt.h, src/whereexpr.c. - debian/patches/CVE-2020-9327-2.patch: switch to better and smaller solution in src/expr.c, src/sqliteInt.h, src/whereexpr.c. - CVE-2020-9327 Checksums-Sha1: c3706933c2af778ed4c1dd83cbb3901d5a2ceaac 88360 lemon-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb a830197242aa5c9f1bae54d29e78bb42da86fac4 61472 lemon_3.29.0-2ubuntu0.2_ppc64el.deb e41c529499d29f74db7a304643f4cb8f1d6da216 1896292 libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb f8363331deb4a0e6c5d1720568ba9f90d814dac4 564916 libsqlite3-0_3.29.0-2ubuntu0.2_ppc64el.deb 67e07ded594a6460d35936c8c8c1586c34d91d59 710636 libsqlite3-dev_3.29.0-2ubuntu0.2_ppc64el.deb 169a4fa69f56530efdef0f98d7dc27106a64c49b 69640 libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb 9e5b8d280b1548c81df248878bf7547baa785c8f 24164 libsqlite3-tcl_3.29.0-2ubuntu0.2_ppc64el.deb e14266f5de627aad02356a262c77e5f3995e0d0b 4202472 sqlite3-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb e4f5a3c0cb8c79e9077000878cc412eff249f4b1 7593 sqlite3_3.29.0-2ubuntu0.2_ppc64el.buildinfo e565fad6b1c15b984021bdffe8ea8e1c1779d46b 883220 sqlite3_3.29.0-2ubuntu0.2_ppc64el.deb Checksums-Sha256: 6e88d810a1fa1694a2f6df11b878c7c8592f10d9ddeb1ff7bd80b2b5a447ac28 88360 lemon-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb a4f433ea19ab8d7019b5adb5ba06145679758d25aa4bfffb3af3268f57bc1186 61472 lemon_3.29.0-2ubuntu0.2_ppc64el.deb b20282454dcad656a94fb65cb8d23ac01de8fd3ba39ddeaf369a0f5eb6ba78ac 1896292 libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb d80fb2a8a3869af6afee6e2fba2ad329ac35944a3f7353f3394d34dc350b1256 564916 libsqlite3-0_3.29.0-2ubuntu0.2_ppc64el.deb 5c31935793b43c2838cebd298b90c7c7eaaaae1477d17d169e63064406486a63 710636 libsqlite3-dev_3.29.0-2ubuntu0.2_ppc64el.deb 3fedcfa905f5d0a3d1e0489b0f38c120aa07af05a5f9dead3bd0cabf7c31abc2 69640 libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb e5e523d50ec0d520840622a2c8327abc6973c46ebece322518734e06119b75de 24164 libsqlite3-tcl_3.29.0-2ubuntu0.2_ppc64el.deb 6b754dc1adea79bb75c69c49e03d19a43cb1cf2c870dd5909de6edcef14d39de 4202472 sqlite3-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb d03c2d4bb907e7a2c2cf487d32b23ff6b2675f7311dff9f16ff3c078642df21f 7593 sqlite3_3.29.0-2ubuntu0.2_ppc64el.buildinfo 0f6e9f50b962d0b5f770433c2d522748308dbca09e706087ef54da602a98efc6 883220 sqlite3_3.29.0-2ubuntu0.2_ppc64el.deb Files: 474629ea776224af2a1dde8d4e80c3dd 88360 debug optional lemon-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb e8891a768b18821c65ddef6ba963f9f9 61472 devel optional lemon_3.29.0-2ubuntu0.2_ppc64el.deb 366ec6e8011b670d5e08e416ca5cd2b4 1896292 debug optional libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb feeaee63528cec04057465f71e8c5bdc 564916 libs optional libsqlite3-0_3.29.0-2ubuntu0.2_ppc64el.deb c2e007562716246f36157cbc41e9338c 710636 libdevel optional libsqlite3-dev_3.29.0-2ubuntu0.2_ppc64el.deb 713e958ab718c935a1e2bb5c367fee56 69640 debug optional libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb 601c9de5f152065f8b4e04c7773ffb28 24164 interpreters optional libsqlite3-tcl_3.29.0-2ubuntu0.2_ppc64el.deb a0b219ae06b045d1d15250de2a334875 4202472 debug optional sqlite3-dbgsym_3.29.0-2ubuntu0.2_ppc64el.ddeb c7b932dd189f210562bb1c581724e662 7593 devel optional sqlite3_3.29.0-2ubuntu0.2_ppc64el.buildinfo 420ad6d27d58b11cbc92f1b4b6795dcc 883220 database optional sqlite3_3.29.0-2ubuntu0.2_ppc64el.deb Original-Maintainer: Laszlo Boszormenyi (GCS)