-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 11 Jan 2019 14:43:33 +0100 Source: sqlite3 Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl Architecture: source all amd64 Version: 3.8.7.1-1+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-0-dbg - SQLite 3 debugging symbols libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite 3 Tcl bindings sqlite3 - Command line interface for SQLite 3 sqlite3-doc - SQLite 3 documentation Changes: sqlite3 (3.8.7.1-1+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference. * CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial-of-service. * CVE-2017-2519: Insufficient size of the reference count on Table objects could lead to a denial-of-service or arbitrary code execution. * CVE-2017-2518: A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. * CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact. Checksums-Sha1: 15561e93aa6ae920b255d9caba0d94aee2428cb9 2705 sqlite3_3.8.7.1-1+deb8u4.dsc 8f7bc583cfcaa92ffed570dfd47b1689394c45b9 24436 sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz 5f2499c7a696b8b13571af32858413b3b47c9dad 2986650 sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 55926feaa86c46900a2781aec6b7ef9070b83c33 117638 lemon_3.8.7.1-1+deb8u4_amd64.deb f1c1d3402b9680c4d51576ad398a50dedabfa2ff 102012 sqlite3_3.8.7.1-1+deb8u4_amd64.deb 37755fd52c990af2c31a5e5af0311c331c529e78 1008816 libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb 21a302e183141672b929082f34968f59a9b12f74 438656 libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb 33b45138ccec4f1c39f86ff7a30860afef24759b 538268 libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb 61fa4eeb62c2cc46f5055b27f6615b5479de267c 88032 libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb Checksums-Sha256: e4b52b1144ea546f92e1f7e7239b1f45a6ff83732bd03d5b549ab953274ee293 2705 sqlite3_3.8.7.1-1+deb8u4.dsc 8d9be049e9abe6221b39f84d564ff310ecbbd328bd5876b672f8294e55ba1953 24436 sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz b3ae3921ac56bcde6ecefbffdf0c7234af91b61311c7e6caad72a76c42eff16a 2986650 sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 832f24cb25c017bf19a713a403c57d1c6b3e3a2f4c838f521d313f18bf1abcbb 117638 lemon_3.8.7.1-1+deb8u4_amd64.deb 55bd1f23d7d027d25e0327ae034722eed6b2a990cc8c939ef56d6abffe0964f8 102012 sqlite3_3.8.7.1-1+deb8u4_amd64.deb c7dafd3a4eeae89adb9324e753f154266ec5a7053f4967f3e7be912e4bf5f487 1008816 libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb c55fc11aac51c1d3e878ffd61d371962687dd9031100e5f7c9a5c2a964d0a7d4 438656 libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb c7bc076b5d625005ae225c0502bcc5171d3560233c05a07c862586d76f8c663e 538268 libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb 64e4beca7105b2d7d3e232d4f88dbec8e6a9c30d462b44e605835a75ed8e807e 88032 libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb Files: c6c1abeb166147a5b481e540059bea4b 2705 devel optional sqlite3_3.8.7.1-1+deb8u4.dsc afb81df01b10c8e0c8d7a602e89093b6 24436 devel optional sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz c6a65fdf25638c12ff2bffc260ad0f87 2986650 doc optional sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 6849e2e9b6f0aa7d8648886018199d95 117638 devel optional lemon_3.8.7.1-1+deb8u4_amd64.deb c47ee00da961b6498c6e315c8339f3a3 102012 database optional sqlite3_3.8.7.1-1+deb8u4_amd64.deb 0c8d5848098648c5a31e8e45fdbaaee3 1008816 debug extra libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb 952400feabcbbcb9355fd9c8c58e8cac 438656 libs standard libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb 840d75f3a4eb859e58fa8c19f64bd371 538268 libdevel optional libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb ef3d7118635dc9f0059cbf707ad5d479 88032 interpreters optional libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlw4spxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk2tUQAMnr4mplRNmGI1p4r8W6+bkZHKDPYNNn8SYz CvO5OCuJwYGXZmQuI/mCG/G9O89WZQcylbfPnk1MCbn9yjvDnt2vvChh0NW3a9+f rbsaUYIwwGdm+6kKKvkfYIomyUI0NrOr9yDOe+G9jY5umBQG2Xzz/i+BCWQ4lcnZ UZfDnn+AM5/p04nGfsmq0SDxBdqyWUiI/fvNByQXCxx58zhCCsH1GRhuXpkgn/kA gFbp9R0m+C6QXPk8JOCWDELBSovjWppJ0BcrnOuF2BYD4vNWoMz+9INlVuRQHHXu VI5SAL0M6lzUBqKNJUO2fdnO0IuUqqwnvVNJx1zY8sr6NO6bFFRRYeBpg9YrM/m0 XurexDyJh1SL+h8MPEfS2xHsmvwlkhSIxUGZbLmQsfG5aTR/iSPWDQ3a4KQue3c+ 4gAXUZTf8tb42DeDpAo/iToVMSr8u154lJP3km7HpVTqdaPgp7ivkFL39Krlh3GN cMkx8lIhbU2/o5kmeWqevHmZds6M83MgAC92JopghyBL7lxW15LADwwOF9lPrrBy sEkx4JMxQ6Zf6c4eEC7GZ7gCF5FVpBrnKTJKwRrqin3fXJscThuYkUmQEABpIDRp shKqi877ioKMFBduPrmfUQGkjbP/HBaypw0BzfN28fAeA+nK72rdiL+tC81cXjWh PQ07bBLb =QqLp -----END PGP SIGNATURE-----
