Univention Bugzilla – Bug 55207
sqlite3: Multiple issues (5.0)
Last modified: 2022-09-21 17:07:53 CEST
New Debian sqlite3 3.27.2-3+deb10u2 fixes:

This update addresses the following issues:
* Null pointer dereference in src/select.c (CVE-2020-35525)
* Out of bounds access during table rename (CVE-2020-35527)
* An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in SQLite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc) was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later. (CVE-2021-20223)
--- mirror/ftp/pool/main/s/sqlite3/sqlite3_3.27.2-3+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/sqlite3_3.27.2-3+deb10u2.dsc @@ -1,3 +1,13 @@ +3.27.2-3+deb10u2 [Tue, 13 Sep 2022 15:15:07 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2020-35525: Prevent a potential null pointer deference issue in + INTERSEC query processing. + * CVE-2020-35527: Prevent an out-of-bounds access issue that could be + exploited via ALTER TABLE in views that have a nested FROM clauses. + * CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer related to + Unicode control characters ("class Cc") and embedded NUL characters being + misinterpreted as tokens. + 3.27.2-3+deb10u1 [Mon, 05 Oct 2020 22:53:55 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2019-19923 <http://piuparts.knut.univention.de/5.0-2/#8437553607079516795>
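Review bot: the CVE-2020-35525 entry in the added 3.27.2-3+deb10u2 changelog block has two spelling slips, "deference" for "dereference" and "INTERSEC" for the SQL keyword INTERSECT, and the CVE-2020-35527 entry's "a nested FROM clauses" mixes singular and plural. Where this text is reused in the erratum description, use the corrected wording so that a search for "INTERSECT" or "dereference" finds the advisory. The three entries also name no patch file or upstream commit, so this hunk alone does not show which fixes were backported onto 3.27.2; a reference per CVE would make the patch check reproducible.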
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 4b3a73c581 Bug #55207: sqlite3 3.27.2-3+deb10u2
 doc/errata/staging/sqlite3.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

[5.0-2] a8e85e3202 Bug #55207: sqlite3 3.27.2-3+deb10u2
 doc/errata/staging/sqlite3.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x429>