-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 01 Jun 2019 15:38:52 +0000 Source: sqlite3 Architecture: source Version: 3.27.2-3 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Closes: 928770 Changes: sqlite3 (3.27.2-3) unstable; urgency=high . * Backport security related patches: - CVE-2019-8457: heap out-of-bound read in the rtreenode() function when handling invalid rtree tables, - prevent aliases of window functions expressions from being used as arguments to aggregate or other window functions (probably fixing CVE-2019-5018) (closes: #928770), - enforce the SQLITE_LIMIT_COLUMN limit on virtual tables (probably fixing most of CVE-2019-5827), - use the 64-bit memory allocator interfaces in extensions, whenever possible (probably additional fix for CVE-2019-5827). Checksums-Sha1: a5c0057fde4e8959024610fe1078740908fceccd 2398 sqlite3_3.27.2-3.dsc feb345f5e9a20730d8839d8d22049b41e8033a26 30372 sqlite3_3.27.2-3.debian.tar.xz 6adc6ddeaf0b145993df10bee55b09842b6db183 9077 sqlite3_3.27.2-3_amd64.buildinfo Checksums-Sha256: 4d8c953891d6268911aa273f8cb7c9e0bdd026c7918f6203fd019d3e16cea1cc 2398 sqlite3_3.27.2-3.dsc 0a95abfc23baa8d0fa2ec7fc6b96f46e34c37f23ff540bc041eff111e6550af9 30372 sqlite3_3.27.2-3.debian.tar.xz 5ffc0b2330dca6617c0cd54497e5a249f71703770f7300fb2355afef7bd9ac66 9077 sqlite3_3.27.2-3_amd64.buildinfo Files: ec0bb67d9c1eef8e8d521bbc62937420 2398 devel optional sqlite3_3.27.2-3.dsc 6320b89221e1b2698af7e8fde62eeb54 30372 devel optional sqlite3_3.27.2-3.debian.tar.xz 7fba009d98e161cbdf195855f00dc565 9077 devel optional sqlite3_3.27.2-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlz+iXIACgkQ3OMQ54ZM yL/HFhAApAxscToXYhv5lZlSVBs48VtszkXpcQidxmIWRZwGMGpO8yqUJ9lVXL8q y2Q9Manr4/EsP2IiPdON/qkOUuS47HN0iI47BpXDbAV+7WIZ+IKur5f6RDQFjPlg wowP/8d9HCysdXcvEmdZOxUP4Fkzc8LopndZdqmO78bK4WZZktDnVE7Il1bwTHby BQyK1O8oIKCnhlZ5ibjzcjg57Dov9pA7K1Ww+DikJ2A9wykVf75RdbjZNRA6gd7V QX+ihnfg7ou0+pbdFJdR+SCzGJ9hEfp8s8zD6zqPvmFomvk86Sg0Ru6qwSZhJq0g z85FM4EPSo/zg0yQ/h2fAvSluWYCatxGGIJL27GN/o9mjN5qj7QCiprZAqskHgPG 4vrygsLcfKTLxpjJFodYUjdFwIhB6coup+poC2uAxkK4313H6qcWEKePEgJSTWSN BXn20Ju9MT0mWpiXxCrmurOQsnP5vSLcE9Kop/Id661RG73/wFAqKw6+iJiLEyOD zTQltgY1e8F8b7B5H9qSjcKUsbsVYKpbg5nukp4Iv7cXaTdf8C04ZhEbdE6/ToSA Pc4vxvepv3q4Es8Lkjik7whHE09XGn3he5uVroCkji6DX+zwYuvSAKzhWIHhUYJ/ K6cdQkLxERfgnDyYaiXSBcfAr5fE0FmRqA7H9kUfpVFZbw/BRuE= =k2dL -----END PGP SIGNATURE-----