Format: 1.8
Date: Tue, 04 Aug 2020 19:07:43 -0400
Source: sqlite3
Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl
Architecture: source
Version: 3.16.2-5+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 lemon - LALR(1) Parser Generator for C or C++
 libsqlite3-0 - SQLite 3 shared library
 libsqlite3-0-dbg - SQLite 3 debugging symbols
 libsqlite3-dev - SQLite 3 development files
 libsqlite3-tcl - SQLite 3 Tcl bindings
 sqlite3 - Command line interface for SQLite 3
 sqlite3-doc - SQLite 3 documentation
Changes:
 sqlite3 (3.16.2-5+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE
     AS statement could cause a NULL pointer dereference.
   * CVE-2018-20346, CVE-2018-20506: Add extra defenses against strategically
     corrupt databases to fts3/4.
   * CVE-2019-5827: Integer overflow allowed a remote attacker to potentially
     exploit heap corruption via a crafted HTML page, primarily impacting
     chromium.
   * CVE-2019-9936: Potential information leak when running fts5 prefix
     queries inside a transaction, which could trigger a heap-based buffer
     over-read.
   * CVE-2019-9937: interleaving reads and writes in a single transaction
     with an fts5 virtual table will lead to a NULL Pointer Dereference
   * CVE-2019-16168: Missing validation resulting in a potential division by
     zero, which can crash a browser or other application
   * CVE-2019-20218: Do not attempt to unwind the WITH stack in the event of
     a parse error
   * CVE-2020-13630: Fix use-after-free in fts3EvalNextRow, related to the
     snippet feature
   * CVE-2020-13632: Fix NULL pointer dereference via a crafted matchinfo()
     query
   * CVE-2020-13871: Fix use-after-free in resetAccumulator in select.c
   * CVE-2020-11655: Fix denial of service resulting from segmentation fault
     via a malformed window-function query.
   * CVE-2020-13434: Fix integer overflow in sqlite3_str_vappendf.