-
sqlite3 (3.27.2-2ubuntu0.2) disco-security; urgency=medium
* SECURITY UPDATE: Severe division by zero
- debian/patches/CVE-2019-16168.patch: fix in
src/analyze.c, src/where.c, test/analyzeC.test.
- CVE-2019-16168
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2019-5018.patch: fix in
src/resolve.c, src/sqliteInt.h.
- CVE-2019-5018
* SECURITY UPDATE: Heap corruption exploit
- debian/patches/CVE-2019-5827-*.patch: fix in
ext/fts3*, ext/rtree/geopoly.c, src/build.c,
src/expr.c, src/main.c, src/test_fs.c, src/util.c,
src/vdbeaux.c, src/vdbesort.c, src/vtab.c.
- CVE-2019-5827
* SECURITY UPDATE: Mishandle pExpr
- debian/patches/CVE-2019-19242.patch: correctly handled
pExpr in src/expr.c.
- CVE-2019-19242
* SECURITY UPDATE: Denial of service (crash)
- debian/patches/CVE-2019-19244.patch: fix the crash
that happens if no check p->Win == 0 in src/select.c,
test1/window1.test.
- CVE-2019-19244
-- <email address hidden> (Leonidas S. Barbosa) Wed, 27 Nov 2019 11:40:05 -0300
-
sqlite3 (3.27.2-2ubuntu0.1) disco-security; urgency=medium
* SECURITY UPDATE: heap out-of-bound read
- debian/patches/CVE-2019-8457.patch: enhance the
rtreenode() in ext/rtree/rtree.c.
- CVE-2019-8457
-- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Jun 2019 11:28:02 -0300
-
sqlite3 (3.27.2-2) unstable; urgency=high
* Backport security related patches:
- use unsigned integers to count the number of pages in a freelist
during an integrity_check, to avoid any possibility of a signed integer
overflow,
- fix a crash that could occur if the RHS of an IN expression is a
correlated sub-query that refers to the outer query from within a
window frame definition only,
- ensure that ALTER TABLE commands open statement transactions,
- CVE-2019-9937: fix an fts5 problem with interleaving reads and writes
in a single transaction (closes: #925290),
- CVE-2019-9936: fix a buffer overread that could occur when running fts5
prefix queries inside a transaction (closes: #925289).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 19 Mar 2019 17:46:39 +0000
-
sqlite3 (3.27.2-1) unstable; urgency=medium
* New upstream release (closes: #923038).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 25 Feb 2019 18:47:50 +0000
-
sqlite3 (3.27.1-2) unstable; urgency=medium
* Backport upstream fix for assertion fault in self-join with a IN
constraint.
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 20 Feb 2019 17:37:53 +0000
-
sqlite3 (3.27.1-1) unstable; urgency=medium
* New upstream release.
* Compile with URI filename support.
* Update libsqlite3-0 symbols.
[ Helmut Grohne <email address hidden> ]
* Mark lemon Multi-Arch: foreign (closes: #922163).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 12 Feb 2019 21:39:45 +0000
-
sqlite3 (3.26.0+fossilbc891ac6b-2) unstable; urgency=medium
* Backport upstream fix for a problem with bytecode generation when a
query involves two or more indexes on expressions connected by OR.
* Update Standards-Version to 4.3.0 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 26 Jan 2019 07:19:44 +0000
-
sqlite3 (3.26.0+fossilbc891ac6b-1build1) disco; urgency=medium
* No-change rebuild for readline soname change.
-- Matthias Klose <email address hidden> Mon, 14 Jan 2019 20:09:40 +0000
-
sqlite3 (3.26.0+fossilbc891ac6b-1) unstable; urgency=medium
* New Fossil snapshot release:
- ensure that ALTER TABLE modifies table and column names embedded,
- fix a potential NULL pointer dereference that can occur in ALTER TABLE,
- fix the sqlite3ExprDup() function so that it correctly duplicates the
Window object list,
- do not use a partial index as a table scan in an IN operator,
- fix a problem with using "<db>-vacuum",
- OSSFuzz found a case where an assert() inside sqlite3ExprCompare() can
be true.
* Revert version number bump.
* Fix a problem with the CSV extension when it uses the "header" option on
a real file.
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 26 Dec 2018 15:49:50 +0000
-
sqlite3 (3.26.0-3) unstable; urgency=medium
* Declare that SQLite3 version 3.26.0 breaks unfixed python{,3}-migrate
(closes: #916046).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 10 Dec 2018 14:41:05 +0000
-
sqlite3 (3.26.0-2) unstable; urgency=medium
* Backport upstream fix to ensure that ALTER TABLE modifies table and
column names embedded in WITH clauses that are part of views and
triggers.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 06 Dec 2018 21:58:13 +0000
-
sqlite3 (3.26.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 02 Dec 2018 01:20:35 +0000
-
sqlite3 (3.25.3-2) unstable; urgency=medium
* Backport security related patches:
- fix a buffer overread associated with sqlite3_deserialize() ,
- fix a potential buffer overread in the dbstat virtual table when
processing a corrupt database file.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 22 Nov 2018 20:43:37 +0000
-
sqlite3 (3.25.3-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 06 Nov 2018 20:26:02 +0000
-
sqlite3 (3.24.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
* Update debhelper level to 11:
- update documentation path.
* Update Standards-Version to 4.1.4 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 05 Jun 2018 21:47:02 +0000