UbuntuUpdates.org

Package "sqlite3"

Name: sqlite3

Description:

Command line interface for SQLite 3
Latest version: 3.46.1-3ubuntu0.3
Release: plucky (25.04)
Level: security
Repository: main
Homepage: https://www.sqlite.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "sqlite3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "sqlite3" in Plucky

Repository Area Version
base main 3.46.1-3
base universe 3.46.1-3
security universe 3.46.1-3ubuntu0.3
updates main 3.46.1-3ubuntu0.3
updates universe 3.46.1-3ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.46.1-3ubuntu0.3 2025-09-15 19:08:18 UTC

  sqlite3 (3.46.1-3ubuntu0.3) plucky-security; urgency=medium

  * SECURITY UPDATE: integer overflow in FTS5 extension
    - debian/patches/CVE-2025-7709.patch: optimize allocation of large
      tombstone arrays in fts5 in ext/fts5/fts5_index.c.
    - CVE-2025-7709

 -- Marc Deslauriers <email address hidden> Thu, 11 Sep 2025 14:03:41 -0400
Source diff to previous version
CVE-2025-7709 An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calcula

Version: 3.46.1-3ubuntu0.2 2025-07-29 18:06:47 UTC

  sqlite3 (3.46.1-3ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Memory corruption via number of aggregate terms
    - debian/patches/CVE-2025-6965.patch: raise an error right away if the
      number of aggregate terms in a query exceeds the maximum number of
      columns in src/expr.c, src/sqliteInt.h.
    - CVE-2025-6965

 -- Marc Deslauriers <email address hidden> Fri, 18 Jul 2025 10:53:51 -0400
Source diff to previous version
CVE-2025-6965 There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This

Version: 3.46.1-3ubuntu0.1 2025-05-22 19:07:40 UTC

  sqlite3 (3.46.1-3ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: DoS via sqlite3_db_config arguments
    - debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
      interface against misuse in src/main.c, src/sqlite.h.in.
    - CVE-2025-29088

 -- Marc Deslauriers <email address hidden> Tue, 29 Apr 2025 11:33:20 -0400
CVE-2025-29088 In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash


About   -   Send Feedback to @ubuntu_updates