
Accepted sqlite3 3.16.2-5+deb9u2 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Aug 2020 19:07:43 -0400
Source: sqlite3
Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl
Architecture: source
Version: 3.16.2-5+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 lemon      - LALR(1) Parser Generator for C or C++
 libsqlite3-0 - SQLite 3 shared library
 libsqlite3-0-dbg - SQLite 3 debugging symbols
 libsqlite3-dev - SQLite 3 development files
 libsqlite3-tcl - SQLite 3 Tcl bindings
 sqlite3    - Command line interface for SQLite 3
 sqlite3-doc - SQLite 3 documentation
Changes:
 sqlite3 (3.16.2-5+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS
     statement could cause a NULL pointer dereference.
   * CVE-2018-20346, CVE-2018-20506: Add extra defenses against strategically
     corrupt databases to fts3/4.
   * CVE-2019-5827: Integer overflow allowed a remote attacker to potentially
     exploit heap corruption via a crafted HTML page, primarily impacting
     chromium.
   * CVE-2019-9936: Potential information leak when running fts5 prefix queries
     inside a transaction, which could trigger a heap-based buffer over-read.
   * CVE-2019-9937: Interleaving reads and writes in a single transaction with
     an fts5 virtual table will lead to a NULL pointer dereference.
   * CVE-2019-16168: Missing validation resulting in a potential division by
     zero, which can crash a browser or other application.
   * CVE-2019-20218: Do not attempt to unwind the WITH stack in the event of a
     parse error.
   * CVE-2020-13630: Fix use-after-free in fts3EvalNextRow, related to the
     snippet feature.
   * CVE-2020-13632: Fix NULL pointer dereference via a crafted matchinfo()
     query.
   * CVE-2020-13871: Fix use-after-free in resetAccumulator in select.c.
   * CVE-2020-11655: Fix denial of service resulting from segmentation fault
     via a malformed window-function query.
   * CVE-2020-13434: Fix integer overflow in sqlite3_str_vappendf.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----