Package "sqlite3"
Name: sqlite3
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- LALR(1) Parser Generator for C or C++
- SQLite 3 Tcl bindings
Latest version: 3.22.0-1ubuntu0.7
Release: bionic (18.04)
Level: security
Repository: universe
Changelog
sqlite3 (3.22.0-1ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: array-bounds overflow via large string argument
- debian/patches/CVE-2022-35737.patch: increase the size of loop
variables in src/printf.c.
- CVE-2022-35737
-- Marc Deslauriers <email address hidden> Fri, 04 Nov 2022 09:14:10 -0400

CVE-2022-35737
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

sqlite3 (3.22.0-1ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in INTERSECT query processing
- debian/patches/CVE-2020-35525.patch: early-out on the INTERSECT query
processing following an error in src/select.c.
- CVE-2020-35525
-- Marc Deslauriers <email address hidden> Wed, 14 Sep 2022 13:02:25 -0400

CVE-2020-35525
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing.

sqlite3 (3.22.0-1ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: segmentation fault in idxGetTableInfo
- debian/patches/CVE-2021-36690.patch: perform validation
over the column to ensure it has collating sequence in
ext/expert/sqlite3expert.c
- CVE-2021-36690
-- David Fernandez Gonzalez <email address hidden> Thu, 28 Apr 2022 16:04:18 +0200

CVE-2021-36690
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there

sqlite3 (3.22.0-1ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2018-8740.patch: better error message text when
the schema is corrupted in src/build.c, src/prepare.c.
- CVE-2018-8740
* SECURITY UPDATE: integer overflow in sqlite3_str_vappendf
- debian/patches/CVE-2020-13434-pre1.patch: fix test/printf.test.
- debian/patches/CVE-2020-13434.patch: limit the "precision" of
floating-point to text conversions in src/printf.c, test/printf.test.
- CVE-2020-13434
* SECURITY UPDATE: use-after-free in fts3EvalNextRow
- debian/patches/CVE-2020-13630.patch: add fix to ext/fts3/fts3.c,
test/fts3snippet.test.
- CVE-2020-13630
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-13632.patch: fix issue in
ext/fts3/fts3_snippet.c, test/fts3matchinfo2.test.
- CVE-2020-13632
-- Marc Deslauriers <email address hidden> Mon, 08 Jun 2020 11:07:38 -0400

CVE-2018-8740
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to bu
CVE-2020-13434
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13630
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
CVE-2020-13632
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

sqlite3 (3.22.0-1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: more shadow table corruption
- debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13734
- CVE-2019-13750
* SECURITY UPDATE: corrupt records in fts3
- debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
ext/fts3/fts3.c, test/fts4aa.test.
- debian/patches/CVE-2019-13751.patch: improve detection of corrupt
records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
- CVE-2019-13751
* SECURITY UPDATE: shadow table corruption
- debian/patches/CVE-2019-13752.patch: improved detection of corrupt
shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13752
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
ext/fts3/fts3_write.c.
- CVE-2019-13753
* SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue
- debian/patches/CVE-2019-19923.patch: continue to back away from the
LEFT JOIN optimization of check-in by disallowing query flattening if
the outer query is DISTINCT in src/select.c, test/join.test.
- CVE-2019-19923
* SECURITY UPDATE: certain parser-tree rewriting mishandling
- debian/patches/CVE-2019-19924.patch: properly handle errors in
src/expr.c, src/vdbeaux.c, src/window.c.
- CVE-2019-19924
* SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate
- debian/patches/CVE-2019-19925.patch: properly handle pathname in
ext/misc/zipfile.c.
- CVE-2019-19925
* SECURITY UPDATE: multiSelect error handling issue
- debian/patches/CVE-2019-19926.patch: abort early due to prior errors
in src/select.c.
- CVE-2019-19926
* SECURITY UPDATE: embedded NULL filename mishandling
- debian/patches/CVE-2019-19959.patch: handle filenames that contain
embedded zeros in ext/misc/zipfile.c.
- CVE-2019-19959
* SECURITY UPDATE: selectExpander stack unwinding issue
- debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
the Parse object is disabled following an error in src/select.c,
src/util.c, test/with3.test.
- debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
WITH stack in the Parse object following an error in src/select.c,
test/altertab3.test.
- CVE-2019-20218
* SECURITY UPDATE: NULL pointer deref via generated column optimizations
- debian/patches/CVE-2020-9327.patch: take care when checking the
table of a TK_COLUMN expression node src/sqliteInt.h,
src/whereexpr.c.
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2020 09:20:41 -0500

CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted H
CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a cra
CVE-2019-13751
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-13752
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-13753
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from proces
CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view.
CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite(
CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19926
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE:
CVE-2019-19959
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to
CVE-2019-20218
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column o