-
sqlite3 (3.33.0-1ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: DoS and possible code exec via certain sub-queries
- debian/patches/CVE-2021-20227.patch: properly handle sub-queries with
both a correlated WHERE clause and a "HAVING 0" clause where the
parent query is itself an aggregate in src/select.c,
test/having.test.
- CVE-2021-20227
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2021 13:29:06 -0500
-
sqlite3 (3.33.0-1) unstable; urgency=medium
* New upstream release.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 15 Aug 2020 16:40:06 +0200
-
sqlite3 (3.32.3-1) unstable; urgency=medium
* New upstream release:
- better fix for CVE-2020-13871: use-after-free in resetAccumulator() in
select.c because the parse tree rewrite for window functions is too
late.
* Remove sqlite3SelectTrace@Base symbol as no longer part of the library.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 20 Jun 2020 17:04:00 +0200
-
sqlite3 (3.32.2-2) unstable; urgency=high
* Backport upstream security fix for CVE-2020-13871: use-after-free in
resetAccumulator() in select.c because the parse tree rewrite for window
functions is too late.
* Update libsqlite3-0 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 06 Jun 2020 20:00:23 +0200
-
sqlite3 (3.32.2-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 06 Jun 2020 08:57:49 +0200
-
sqlite3 (3.32.1-2) unstable; urgency=medium
* Set LC_ALL to C.UTF-8 for lynx to generate changelog (closes: #961940).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 01 Jun 2020 07:23:26 +0200
-
sqlite3 (3.32.1-1) unstable; urgency=high
* New upstream release, including two security fixes.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 25 May 2020 19:07:13 +0200
-
sqlite3 (3.32.0-2) unstable; urgency=medium
* Generate upstream changelog without links (closes: #961450).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 25 May 2020 06:56:10 +0200
-
sqlite3 (3.32.0-1) unstable; urgency=medium
* New upstream release, fixes CVE-2020-11656.
* Remove backported patches.
* Generate plain text upstream changelog (closes: #959983).
* Update libsqlite3-0 symbols.
[ Vagrant Cascadian <email address hidden> ]
* Pass SHELL=/bin/sh to configure, to ensure reproducible builds regardless
of the setting of the SHELL environment variable (closes: #949341).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 24 May 2020 11:47:32 +0200
-
sqlite3 (3.31.1-5) unstable; urgency=high
* Backport upstream security fix for CVE-2020-11655: denial of service
(segmentation fault) via a malformed window-function query.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 13 Apr 2020 10:21:16 +0000
-
sqlite3 (3.31.1-4) unstable; urgency=medium
* Backport upstream fix for problems in the constant propagation
optimization.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 05 Mar 2020 19:05:04 +0000