Format: 1.8
Date: Tue, 03 Mar 2020 09:21:25 -0500
Source: sqlite3
Binary: lemon libsqlite3-0 libsqlite3-dev libsqlite3-tcl sqlite3 sqlite3-doc
Architecture: amd64 all
Version: 3.29.0-2ubuntu0.2
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-011.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 lemon      - LALR(1) Parser Generator for C or C++
 libsqlite3-0 - SQLite 3 shared library
 libsqlite3-dev - SQLite 3 development files
 libsqlite3-tcl - SQLite 3 Tcl bindings
 sqlite3    - Command line interface for SQLite 3
 sqlite3-doc - SQLite 3 documentation
Changes:
 sqlite3 (3.29.0-2ubuntu0.2) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: more shadow table corruption
     - debian/patches/CVE-2019-13734_50.patch: more improvements to shadow
       table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
       ext/fts3/fts3_write.c.
     - CVE-2019-13734
     - CVE-2019-13750
   * SECURITY UPDATE: corrupt records in fts3
     - debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite
       recursion in fts3SelectLeaf() due to a malformed FTS3 btree in
       ext/fts3/fts3.c, test/fts4aa.test.
     - debian/patches/CVE-2019-13751.patch: improve detection of corrupt
       records in ext/fts3/fts3.c, ext/fts3/fts3_write.c.
     - CVE-2019-13751
   * SECURITY UPDATE: shadow table corruption
     - debian/patches/CVE-2019-13752.patch: improved detection of corrupt
       shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h,
       ext/fts3/fts3_write.c.
     - CVE-2019-13752
   * SECURITY UPDATE: out of bounds read
     - debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in
       ext/fts3/fts3_write.c.
     - CVE-2019-13753
   * SECURITY UPDATE: invalid pointer dereference
     - debian/patches/CVE-2019-19880.patch: fully disable the constant value
       to avoid an invalid pointer dereference in src/window.c.
     - CVE-2019-19880
   * SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue
     - debian/patches/CVE-2019-19923.patch: continue to back away from the
       LEFT JOIN optimization of check-in by disallowing query flattening if
       the outer query is DISTINCT in src/select.c, test/join.test.
     - CVE-2019-19923
   * SECURITY UPDATE: certain parser-tree rewriting mishandling
     - debian/patches/CVE-2019-19924.patch: properly handle errors in
       src/expr.c, src/vdbeaux.c, src/window.c.
     - CVE-2019-19924
   * SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate
     - debian/patches/CVE-2019-19925.patch: properly handle pathname in
       ext/misc/zipfile.c, test/zipfile.test.
     - CVE-2019-19925
   * SECURITY UPDATE: multiSelect error handling issue
     - debian/patches/CVE-2019-19926.patch: abort early due to prior errors
       in src/select.c.
     - CVE-2019-19926
   * SECURITY UPDATE: embedded NULL filename mishandling
     - debian/patches/CVE-2019-19959-1.patch: add test to test/zipfile.test.
     - debian/patches/CVE-2019-19959-2.patch: handle filenames that contain
       embedded zeros in ext/misc/zipfile.c.
     - CVE-2019-19959
   * SECURITY UPDATE: selectExpander stack unwinding issue
     - debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in
       the Parse object is disabled following an error in src/select.c,
       src/util.c, test/with3.test.
     - debian/patches/CVE-2019-20218.patch: do not attempt to unwind the
       WITH stack in the Parse object following an error in src/select.c,
       test/altertab3.test.
     - CVE-2019-20218
   * SECURITY UPDATE: NULL pointer deref via generated column optimizations
     - debian/patches/CVE-2020-9327-1.patch: take care when checking the
       table of a TK_COLUMN expression node in src/expr.c, src/sqliteInt.h,
       src/whereexpr.c.
     - debian/patches/CVE-2020-9327-2.patch: switch to better and smaller
       solution in src/expr.c, src/sqliteInt.h, src/whereexpr.c.
     - CVE-2020-9327
Checksums-Sha1:
 f46fc81201aa51fd3f3548af3b847eae4e2b575b 85648 lemon-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 232fe29a3b4c05dd3a23d3b076035aea269d2b97 57884 lemon_3.29.0-2ubuntu0.2_amd64.deb
 25812829be3f0235a111567cab3842613016cd7a 1918888 libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 f4a015b3f29a17d7d0cc1578d27f9980935288fb 537552 libsqlite3-0_3.29.0-2ubuntu0.2_amd64.deb
 8682c1afe3f67dc8373aa8c993f062af686fa265 681072 libsqlite3-dev_3.29.0-2ubuntu0.2_amd64.deb
 bb231f618982b0e8114b92f731fd29712362e22d 67028 libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 8c6a1650a1d86dd3e08e2451b040a14718300839 21368 libsqlite3-tcl_3.29.0-2ubuntu0.2_amd64.deb
 4fe88f4e7a804d7071ac668accb8e430d652e420 4236700 sqlite3-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 cfdbfee569246c1374e4b9b5f07ab0f68c7d5362 6984108 sqlite3-doc_3.29.0-2ubuntu0.2_all.deb
 34b757bfea7bc3ed150c3a1571cd2e8fb6f8cdf1 7814 sqlite3_3.29.0-2ubuntu0.2_amd64.buildinfo
 5d05e8558b0e1573b0d654dc4d2723b83b696bb7 842776 sqlite3_3.29.0-2ubuntu0.2_amd64.deb
Checksums-Sha256:
 06231062ebfd58d52758e2d64a51e23b43ddcab2adc3171e65b652deb4127496 85648 lemon-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 4ca9dab19dc739374d70fd762e0a93018a283e637dada3218bb8ec43801b61f8 57884 lemon_3.29.0-2ubuntu0.2_amd64.deb
 a1e749832083921cb6d5cfc527cc120b5a24bbddb6b149cc70fb1c5fca9eb998 1918888 libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 afa104b1820413946a6f8ec7c86f48c342a52b37b3b27a7f7af58536619be013 537552 libsqlite3-0_3.29.0-2ubuntu0.2_amd64.deb
 892dba545be4fc9db8bae32b0258ecd68bcab4435a49b87f0587550028c75e69 681072 libsqlite3-dev_3.29.0-2ubuntu0.2_amd64.deb
 254c4a3217c8d27a62ded9b05ad7cec76b86ce321386ac1bd24ecd56505d85c9 67028 libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 9098624d361b123e8cd8250ae1290f0580a98d89946f5e85fa36513239f9116e 21368 libsqlite3-tcl_3.29.0-2ubuntu0.2_amd64.deb
 84012df7ff8dc5a3e0a5a5af2e5a8a269cdde17ef34dc8025a0dd6bdfaee70b6 4236700 sqlite3-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 ea4da6335d4e3ccdf873a88fa5cbdf3f1c324cc3b48c6a30e9f08b247986eebf 6984108 sqlite3-doc_3.29.0-2ubuntu0.2_all.deb
 ba3305f2556794c2e245aef1ed03e1c64d0797fb2d769cedad05a9f9acb11cf1 7814 sqlite3_3.29.0-2ubuntu0.2_amd64.buildinfo
 11a7bbdec3ac790c824a856c5a3ca18e1268a3bd6db3bef4f88eaa02d1e541d0 842776 sqlite3_3.29.0-2ubuntu0.2_amd64.deb
Files:
 9c1a4edae54d4bc1f965e12a340466a3 85648 debug optional lemon-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 0fd86abf10458c7b6a8c58b6eb28f4ed 57884 devel optional lemon_3.29.0-2ubuntu0.2_amd64.deb
 e97f006ae9616789a318c005644530a4 1918888 debug optional libsqlite3-0-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 24dd1dfb98e9e0091484129cab32bbb9 537552 libs optional libsqlite3-0_3.29.0-2ubuntu0.2_amd64.deb
 1c7d498d5d3232a31199ad9a1d850c32 681072 libdevel optional libsqlite3-dev_3.29.0-2ubuntu0.2_amd64.deb
 07177fa80dcb6fece4f35bdd007db9fd 67028 debug optional libsqlite3-tcl-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 e370971bbce598b866f41a433335f2fa 21368 interpreters optional libsqlite3-tcl_3.29.0-2ubuntu0.2_amd64.deb
 38af928d72f0da7fefd04733aaa9fadc 4236700 debug optional sqlite3-dbgsym_3.29.0-2ubuntu0.2_amd64.ddeb
 8b5e8b72e77337242195f0574eea010d 6984108 doc optional sqlite3-doc_3.29.0-2ubuntu0.2_all.deb
 b59503e84e82bb9371e4326385647792 7814 devel optional sqlite3_3.29.0-2ubuntu0.2_amd64.buildinfo
 af19f386fd88b1d30a9840b52e134dae 842776 database optional sqlite3_3.29.0-2ubuntu0.2_amd64.deb
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>