Format: 1.8 Date: Tue, 03 Mar 2020 09:20:41 -0500 Source: sqlite3 Binary: lemon sqlite3 sqlite3-doc libsqlite3-0 libsqlite3-dev libsqlite3-tcl Architecture: i386 Version: 3.22.0-1ubuntu0.3 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite 3 Tcl bindings sqlite3 - Command line interface for SQLite 3 sqlite3-doc - SQLite 3 documentation Changes: sqlite3 (3.22.0-1ubuntu0.3) bionic-security; urgency=medium . * SECURITY UPDATE: more shadow table corruption - debian/patches/CVE-2019-13734_50.patch: more improvements to shadow table corruption detection in ext/fts3/fts3.c, ext/fts3/fts3Int.h, ext/fts3/fts3_write.c. - CVE-2019-13734 - CVE-2019-13750 * SECURITY UPDATE: corrupt records in fts3 - debian/patches/CVE-2019-13751-pre1.patch: detect and prevent infinite recursion in fts3SelectLeaf() due to a malformed FTS3 btree in ext/fts3/fts3.c, test/fts4aa.test. - debian/patches/CVE-2019-13751.patch: improve detection of corrupt records in ext/fts3/fts3.c, ext/fts3/fts3_write.c. - CVE-2019-13751 * SECURITY UPDATE: shadow table corruption - debian/patches/CVE-2019-13752.patch: improved detection of corrupt shadow tables in ext/fts3/fts3.c, ext/fts3/fts3Int.h, ext/fts3/fts3_write.c. - CVE-2019-13752 * SECURITY UPDATE: out of bounds read - debian/patches/CVE-2019-13753.patch: remove a reachable NEVER() in ext/fts3/fts3_write.c. - CVE-2019-13753 * SECURITY UPDATE: SELECT DISTINCT involving a LEFT JOIN issue - debian/patches/CVE-2019-19923.patch: continue to back away from the LEFT JOIN optimization of check-in by disallowing query flattening if the outer query is DISTINCT in src/select.c, test/join.test. - CVE-2019-19923 * SECURITY UPDATE: certain parser-tree rewriting mishandling - debian/patches/CVE-2019-19924.patch: properly handle errors in src/expr.c, src/vdbeaux.c, src/window.c. - CVE-2019-19924 * SECURITY UPDATE: NULL pathname mishandling in zipfileUpdate - debian/patches/CVE-2019-19925.patch: properly handle pathname in ext/misc/zipfile.c. - CVE-2019-19925 * SECURITY UPDATE: multiSelect error handling issue - debian/patches/CVE-2019-19926.patch: abort early due to prior errors in src/select.c. - CVE-2019-19926 * SECURITY UPDATE: embedded NULL filename mishandling - debian/patches/CVE-2019-19959.patch: handle filenames that contain embedded zeros in ext/misc/zipfile.c. - CVE-2019-19959 * SECURITY UPDATE: selectExpander stack unwinding issue - debian/patches/CVE-2019-20218-pre1.patch: make sure the WITH stack in the Parse object is disabled following an error in src/select.c, src/util.c, test/with3.test. - debian/patches/CVE-2019-20218.patch: do not attempt to unwind the WITH stack in the Parse object following an error in src/select.c, test/altertab3.test. - CVE-2019-20218 * SECURITY UPDATE: NULL pointer deref via generated column optimizations - debian/patches/CVE-2020-9327.patch: take care when checking the table of a TK_COLUMN expression node src/sqliteInt.h, src/whereexpr.c. Checksums-Sha1: 1a30b4d8fb28532a2e0a226cbedf7b5eb1b68526 57536 lemon-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb d46e5418afa25e4cf611972f3497bdae4c30e4db 58168 lemon_3.22.0-1ubuntu0.3_i386.deb ec9e307a8a8c81d7a38eaa98628702a3a0aaab0c 1275804 libsqlite3-0-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb d14f97415992ff3c44eafa8eec44191ff7c0f008 534084 libsqlite3-0_3.22.0-1ubuntu0.3_i386.deb 0b0a4a1e3b005bbdf180dc7deca83b518e347a90 666912 libsqlite3-dev_3.22.0-1ubuntu0.3_i386.deb 09f617729eb448be687cf1b827873d6411de819a 50524 libsqlite3-tcl-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb 388f0ba946a6db7f13c8cf7f7911ac185285ace0 23024 libsqlite3-tcl_3.22.0-1ubuntu0.3_i386.deb 6fa8f0d76fe94a30e1baeed05b33e2381a757077 2768568 sqlite3-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb d5e210de1c48b76ab2d67181855a52b54234d4b1 7763 sqlite3_3.22.0-1ubuntu0.3_i386.buildinfo 334bfd1285c533d7e82124e1d48577f3b35f2929 856524 sqlite3_3.22.0-1ubuntu0.3_i386.deb Checksums-Sha256: 5efbb436de9ea6b94ed00bba66eb76abfe5fddcd7a8af765c89c3926b343d22b 57536 lemon-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb be2e47cc37b2661a747e3bd7bcda9a2da91daa834c3f66d95ea5738fdc99787f 58168 lemon_3.22.0-1ubuntu0.3_i386.deb abd6118a947b005df5def64d7ea52ed637e2fb086b05bcb04c4ec76a05f2f4e5 1275804 libsqlite3-0-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb e7ac082d723cf80e54b9f1e4b9b96a20177b210a01886f6e637d8f481c371095 534084 libsqlite3-0_3.22.0-1ubuntu0.3_i386.deb 2746873a043ad4a1b3722238c3fdbf2b86c61e9dcefddb31c4b5e765609f0579 666912 libsqlite3-dev_3.22.0-1ubuntu0.3_i386.deb 338e8acf8c651ea55fbd95a511f1dac9fdd536b20570c52d988800387c1fcd66 50524 libsqlite3-tcl-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb 2f75f06bce4fdd3d6b696872986b01e71ba74de72947fac6d9105ea725e372bd 23024 libsqlite3-tcl_3.22.0-1ubuntu0.3_i386.deb 3963427b21946a29112bfeaf37bed0d37cb123dcd14d12011bbb8e94ace84cf4 2768568 sqlite3-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb 6ecd78837b9998619be838db8c317cd164fb0c4d9449612fc86983465949bd0b 7763 sqlite3_3.22.0-1ubuntu0.3_i386.buildinfo e41edd4fa65f5568d93f6a6f0b65547c8b15cc555c3c4aeb8791b99309a13e00 856524 sqlite3_3.22.0-1ubuntu0.3_i386.deb Files: af006d9d9db365aa7066df0739caf1d1 57536 debug optional lemon-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb 4847b09ca7524c7e7c71730d491e015f 58168 devel optional lemon_3.22.0-1ubuntu0.3_i386.deb 05a7c0aa18411a33a88eeee8398d34b8 1275804 debug optional libsqlite3-0-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb 86de439421661d07b3229367a39bffe0 534084 libs standard libsqlite3-0_3.22.0-1ubuntu0.3_i386.deb 94f5511bc68a4c274fff59b733af2107 666912 libdevel optional libsqlite3-dev_3.22.0-1ubuntu0.3_i386.deb 90e59116a7653d40078b647c8be341f4 50524 debug optional libsqlite3-tcl-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb c409df7f95b6ef252d767941e7dfd86c 23024 interpreters optional libsqlite3-tcl_3.22.0-1ubuntu0.3_i386.deb 4bb419abf31b99bbd11aa594d9b40773 2768568 debug optional sqlite3-dbgsym_3.22.0-1ubuntu0.3_i386.ddeb e5525a2bec8f5f720929a3e1b9af7551 7763 devel optional sqlite3_3.22.0-1ubuntu0.3_i386.buildinfo 3776b8bbc3530a31226db2cf9ca02d3f 856524 database optional sqlite3_3.22.0-1ubuntu0.3_i386.deb Original-Maintainer: Laszlo Boszormenyi (GCS)