sqlite3 3.22.0-1ubuntu0.3 source package in Ubuntu
Changelog
sqlite3 (3.22.0-1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: more shadow table corruption
- debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13734
- CVE-2019-13750
* SECURITY UPDATE: corrupt records in fts3
- debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
ext/fts3/fts3.c, test/fts4aa.test.
- debian/patches/CVE-2019-13751.patch: improve detection of corrupt
records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
- CVE-2019-13751
* SECURITY UPDATE: shadow table corruption
- debian/patches/CVE-2019-13752.patch: improved detection of corrupt
shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
ext/fts3/fts3_write.c.
- CVE-2019-13752
* SECURITY UPDATE: out of bounds read
- debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
ext/fts3/fts3_write.c.
- CVE-2019-13753
* SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue
- debian/patches/CVE-2019-19923.patch: continue to back away from the
LEFT JOIN optimization of check-in by disallowing query flattening if
the outer query is DISTINCT in src/select.c, test/join.test.
- CVE-2019-19923
* SECURITY UPDATE: certain parser-tree rewriting mishandling
- debian/patches/CVE-2019-19924.patch: properly handle errors in
src/expr.c, src/vdbeaux.c, src/window.c.
- CVE-2019-19924
* SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate
- debian/patches/CVE-2019-19925.patch: properly handle pathname in
ext/misc/zipfile.c.
- CVE-2019-19925
* SECURITY UPDATE: multiSelect error handling issue
- debian/patches/CVE-2019-19926.patch: abort early due to prior errors
in src/select.c.
- CVE-2019-19926
* SECURITY UPDATE: embedded NULL filename mishandling
- debian/patches/CVE-2019-19959.patch: handle filenames that contain
embedded zeros in ext/misc/zipfile.c.
- CVE-2019-19959
* SECURITY UPDATE: selectExpander stack unwinding issue
- debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
the Parse object is disabled following an error in src/select.c,
src/util.c, test/with3.test.
- debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
WITH stack in the Parse object following an error in src/select.c,
test/altertab3.test.
- CVE-2019-20218
* SECURITY UPDATE: NULL pointer deref via generated column optimizations
- debian/patches/CVE-2020-9327.patch: take care when checking the
table of a TK_COLUMN expression node src/sqliteInt.h,
src/whereexpr.c.
-- Marc Deslauriers <email address hidden> Tue, 03 Mar 2020 09:20:41 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- devel
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| sqlite3_3.22.0.orig-www.tar.xz | 3.4 MiB | a61a14d6f457bb31ca32f4844398140050597fe4403dc0ee19576111f407e231 |
| sqlite3_3.22.0.orig.tar.xz | 5.7 MiB | f973ba63b5a1ea1d72e80c585bfb945e71d3f8b74fbecccdf345a84f8c91e5d1 |
| sqlite3_3.22.0-1ubuntu0.3.debian.tar.xz | 44.1 KiB | 153d65bf0d6957a1c6e47cb4f1ab79e96190317576859003e0b96d656f1f78a6 |
| sqlite3_3.22.0-1ubuntu0.3.dsc | 2.5 KiB | 54b2afc4ed367051c216ee8c96abce9a511f1b8ca7b05c76cefd667cf3e5746b |
Available diffs
Binary packages built by this source
- lemon: LALR(1) Parser Generator for C or C++
Lemon is an LALR(1) parser generator for C or C++. It does the same
job as bison and yacc. But lemon is not another bison or yacc
clone. It uses a different grammar syntax which is designed to reduce
the number of coding errors. Lemon also uses a more sophisticated
parsing engine that is faster than yacc and bison and which is both
reentrant and thread-safe. Furthermore, Lemon implements features
that can be used to eliminate resource leaks, making is suitable for
use in long-running programs such as graphical user interfaces or
embedded controllers.
- lemon-dbgsym: debug symbols for lemon
- libsqlite3-0: SQLite 3 shared library
SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
- libsqlite3-0-dbgsym: debug symbols for libsqlite3-0
- libsqlite3-dev: SQLite 3 development files
SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
.
This package contains the development files (headers, static libraries)
- libsqlite3-tcl: SQLite 3 Tcl bindings
SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
.
This package contains the Tcl bindings.
- libsqlite3-tcl-dbgsym: debug symbols for libsqlite3-tcl
- sqlite3: Command line interface for SQLite 3
SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
- sqlite3-dbgsym: debug symbols for sqlite3
- sqlite3-doc: SQLite 3 documentation
SQLite is a C library that implements an SQL database engine.
Programs that link with the SQLite library can have SQL database
access without running a separate RDBMS process.
.
This package contains the documentation that is also available on
the SQLite homepage.
