Ubuntu
sqlite3 package

Change logs for sqlite3 source package in Disco

Disco (19.04)
Change log

sqlite3 (3.27.2-2ubuntu0.2) disco-security; urgency=medium

  * SECURITY UPDATE: Severe division by zero
    - debian/patches/CVE-2019-16168.patch: fix in
      src/analyze.c, src/where.c, test/analyzeC.test.
    - CVE-2019-16168
  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2019-5018.patch: fix in
      src/resolve.c, src/sqliteInt.h.
    - CVE-2019-5018
  * SECURITY UPDATE: Heap corruption exploit
    - debian/patches/CVE-2019-5827-*.patch: fix in
      ext/fts3*, ext/rtree/geopoly.c, src/build.c,
      src/expr.c, src/main.c, src/test_fs.c, src/util.c,
      src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
    - CVE-2019-5827
  * SECURITY UPDATE: Mishandle pExpr
    - debian/patches/CVE-2019-19242.patch: correctly handled
      pExpr in src/expr.c.
    - CVE-2019-19242
  * SECURITY UPDATE: Denial of service (crash)
    - debian/patches/CVE-2019-19244.patch: fix the crash
      that happens if no check p->Win == 0 in src/select.c,
      test1/window1.test.
    - CVE-2019-19244

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 27 Nov 2019 11:40:05 -0300

sqlite3 (3.27.2-2ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: heap out-of-bound read
    - debian/patches/CVE-2019-8457.patch: enhance the
      rtreenode() in ext/rtree/rtree.c.
    - CVE-2019-8457

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 13 Jun 2019 11:28:02 -0300

sqlite3 (3.27.2-2) unstable; urgency=high

  * Backport security related patches:
    - use unsigned integers to count the number of pages in a freelist
      during an integrity_check, to avoid any possibility of a signed integer
      overflow,
    - fix a crash that could occur if the RHS of an IN expression is a
      correlated sub-query that refers to the outer query from within a
      window frame definition only,
    - ensure that ALTER TABLE commands open statement transactions,
    - CVE-2019-9937: fix an fts5 problem with interleaving reads and writes
      in a single transaction (closes: #925290),
    - CVE-2019-9936: fix a buffer overread that could occur when running fts5
      prefix queries inside a transaction (closes: #925289).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 19 Mar 2019 17:46:39 +0000

sqlite3 (3.27.2-1) unstable; urgency=medium

  * New upstream release (closes: #923038).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 25 Feb 2019 18:47:50 +0000

sqlite3 (3.27.1-2) unstable; urgency=medium

  * Backport upstream fix for assertion fault in self-join with a IN
    constraint.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 20 Feb 2019 17:37:53 +0000

sqlite3 (3.27.1-1) unstable; urgency=medium

  * New upstream release.
  * Compile with URI filename support.
  * Update libsqlite3-0 symbols.

  [ Helmut Grohne <email address hidden> ]
  * Mark lemon Multi-Arch: foreign (closes: #922163).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 12 Feb 2019 21:39:45 +0000

sqlite3 (3.26.0+fossilbc891ac6b-2) unstable; urgency=medium

  * Backport upstream fix for a problem with bytecode generation when a
    query involves two or more indexes on expressions connected by OR.
  * Update Standards-Version to 4.3.0 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 26 Jan 2019 07:19:44 +0000

sqlite3 (3.26.0+fossilbc891ac6b-1build1) disco; urgency=medium

  * No-change rebuild for readline soname change.

 -- Matthias Klose <email address hidden>  Mon, 14 Jan 2019 20:09:40 +0000

sqlite3 (3.26.0+fossilbc891ac6b-1) unstable; urgency=medium

  * New Fossil snapshot release:
    - ensure that ALTER TABLE modifies table and column names embedded,
    - fix a potential NULL pointer dereference that can occur in ALTER TABLE,
    - fix the sqlite3ExprDup() function so that it correctly duplicates the
      Window object list,
    - do not use a partial index as a table scan in an IN operator,
    - fix a problem with using "<db>-vacuum",
    - OSSFuzz found a case where an assert() inside sqlite3ExprCompare() can
      be true.
  * Revert version number bump.
  * Fix a problem with the CSV extension when it uses the "header" option on
    a real file.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 26 Dec 2018 15:49:50 +0000

sqlite3 (3.26.0-3) unstable; urgency=medium

  * Declare that SQLite3 version 3.26.0 breaks unfixed python{,3}-migrate
    (closes: #916046).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 10 Dec 2018 14:41:05 +0000

sqlite3 (3.26.0-2) unstable; urgency=medium

  * Backport upstream fix to ensure that ALTER TABLE modifies table and
    column names embedded in WITH clauses that are part of views and
    triggers.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 06 Dec 2018 21:58:13 +0000

sqlite3 (3.26.0-1) unstable; urgency=medium

  * New upstream release.
  * Update libsqlite3-0 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 02 Dec 2018 01:20:35 +0000

sqlite3 (3.25.3-2) unstable; urgency=medium

  * Backport security related patches:
    - fix a buffer overread associated with sqlite3_deserialize() ,
    - fix a potential buffer overread in the dbstat virtual table when
      processing a corrupt database file.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 22 Nov 2018 20:43:37 +0000

sqlite3 (3.25.3-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 06 Nov 2018 20:26:02 +0000

sqlite3 (3.24.0-1) unstable; urgency=medium

  * New upstream release.
  * Update libsqlite3-0 symbols.
  * Update debhelper level to 11:
    - update documentation path.
  * Update Standards-Version to 4.1.4 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 05 Jun 2018 21:47:02 +0000

Ubuntusqlite3 package

Change logs for sqlite3 source package in Disco

Ubuntu
sqlite3 package