UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description: Command line interface for SQLite 3

Latest version: 3.37.2-2ubuntu0.3
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://www.sqlite.org/

Other versions of "sqlite3" in Jammy

Repository  Area      Version
base        main      3.37.2-2
base        universe  3.37.2-2
security    universe  3.37.2-2ubuntu0.3
updates     main      3.37.2-2ubuntu0.3
updates     universe  3.37.2-2ubuntu0.3

Changelog

Version: 3.37.2-2ubuntu0.3 2024-01-03 20:07:56 UTC

  sqlite3 (3.37.2-2ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: azProhibitedFunctions protection mechanism issue when
    using --safe
    - debian/patches/50-Fix_safe_mode_authorizer_callback.patch: make sure
      that safe mode rejects certain UDFs in src/shell.c.in,
      test/shell2.test.
    - CVE-2022-46908
  * SECURITY UPDATE: heap overflow in sessionReadRecord
    - debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
      sessions extension that could occur when processing a corrupt
      changeset in ext/session/sqlite3session.c.
    - CVE-2023-7104

 -- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 09:41:49 -0500

CVE-2022-46908 SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protect
CVE-2023-7104 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ex

Version: 3.37.2-2ubuntu0.1 2022-11-07 18:06:33 UTC

  sqlite3 (3.37.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: array-bounds overflow via large string argument
    - debian/patches/CVE-2022-35737.patch: increase the size of loop
      variables in src/printf.c.
    - CVE-2022-35737

 -- Marc Deslauriers <email address hidden> Fri, 04 Nov 2022 09:09:13 -0400

CVE-2022-35737 SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.


