Accepted sqlite3 3.27.2-3 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 01 Jun 2019 15:38:52 +0000
Source: sqlite3
Architecture: source
Version: 3.27.2-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 928770
Changes:
sqlite3 (3.27.2-3) unstable; urgency=high
.
* Backport security related patches:
- CVE-2019-8457: heap out-of-bound read in the rtreenode() function when
handling invalid rtree tables,
- prevent aliases of window functions expressions from being used as
arguments to aggregate or other window functions (probably fixing
CVE-2019-5018) (closes: #928770),
- enforce the SQLITE_LIMIT_COLUMN limit on virtual tables (probably
fixing most of CVE-2019-5827),
- use the 64-bit memory allocator interfaces in extensions, whenever
possible (probably additional fix for CVE-2019-5827).
Checksums-Sha1:
a5c0057fde4e8959024610fe1078740908fceccd 2398 sqlite3_3.27.2-3.dsc
feb345f5e9a20730d8839d8d22049b41e8033a26 30372 sqlite3_3.27.2-3.debian.tar.xz
6adc6ddeaf0b145993df10bee55b09842b6db183 9077 sqlite3_3.27.2-3_amd64.buildinfo
Checksums-Sha256:
4d8c953891d6268911aa273f8cb7c9e0bdd026c7918f6203fd019d3e16cea1cc 2398 sqlite3_3.27.2-3.dsc
0a95abfc23baa8d0fa2ec7fc6b96f46e34c37f23ff540bc041eff111e6550af9 30372 sqlite3_3.27.2-3.debian.tar.xz
5ffc0b2330dca6617c0cd54497e5a249f71703770f7300fb2355afef7bd9ac66 9077 sqlite3_3.27.2-3_amd64.buildinfo
Files:
ec0bb67d9c1eef8e8d521bbc62937420 2398 devel optional sqlite3_3.27.2-3.dsc
6320b89221e1b2698af7e8fde62eeb54 30372 devel optional sqlite3_3.27.2-3.debian.tar.xz
7fba009d98e161cbdf195855f00dc565 9077 devel optional sqlite3_3.27.2-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlz+iXIACgkQ3OMQ54ZM
yL/HFhAApAxscToXYhv5lZlSVBs48VtszkXpcQidxmIWRZwGMGpO8yqUJ9lVXL8q
y2Q9Manr4/EsP2IiPdON/qkOUuS47HN0iI47BpXDbAV+7WIZ+IKur5f6RDQFjPlg
wowP/8d9HCysdXcvEmdZOxUP4Fkzc8LopndZdqmO78bK4WZZktDnVE7Il1bwTHby
BQyK1O8oIKCnhlZ5ibjzcjg57Dov9pA7K1Ww+DikJ2A9wykVf75RdbjZNRA6gd7V
QX+ihnfg7ou0+pbdFJdR+SCzGJ9hEfp8s8zD6zqPvmFomvk86Sg0Ru6qwSZhJq0g
z85FM4EPSo/zg0yQ/h2fAvSluWYCatxGGIJL27GN/o9mjN5qj7QCiprZAqskHgPG
4vrygsLcfKTLxpjJFodYUjdFwIhB6coup+poC2uAxkK4313H6qcWEKePEgJSTWSN
BXn20Ju9MT0mWpiXxCrmurOQsnP5vSLcE9Kop/Id661RG73/wFAqKw6+iJiLEyOD
zTQltgY1e8F8b7B5H9qSjcKUsbsVYKpbg5nukp4Iv7cXaTdf8C04ZhEbdE6/ToSA
Pc4vxvepv3q4Es8Lkjik7whHE09XGn3he5uVroCkji6DX+zwYuvSAKzhWIHhUYJ/
K6cdQkLxERfgnDyYaiXSBcfAr5fE0FmRqA7H9kUfpVFZbw/BRuE=
=k2dL
-----END PGP SIGNATURE-----