Bug 48404

Summary:	sqlite3: Multiple issues (4.2)
Product:	UCS	Reporter:	Quality Assurance <qa>
Component:	Security updates	Assignee:	Quality Assurance <qa>
Status:	CLOSED FIXED	QA Contact:	Philipp Hahn <hahn>
Severity:	normal
Priority:	P5
Version:	UCS 4.2
Target Milestone:	UCS 4.2-5-errata
Hardware:	All
OS:	Linux
What kind of report is it?:	Security Issue	What type of bug is this?:	---
Who will be affected by this bug?:	---	How will those affected feel about the bug?:	---
User Pain:		Enterprise Customer affected?:
School Customer affected?:		ISV affected?:
Waiting Support:		Flags outvoted (downgraded) after PO Review:
Ticket number:		Bug group (optional):
Max CVSS v3 score:	0.0 () Debian

Description Quality Assurance

2019-01-03 08:21:09 CET

New Debian sqlite3 3.8.7.1-1+deb8u3 fixes:
This update addresses the following issue:
* sqlite3 (CVE-2018-20346)

Comment 1 Quality Assurance

2019-01-03 09:00:24 CET

--- mirror/ftp/4.2/unmaintained/4.2-0/source/sqlite3_3.8.7.1-1+deb8u2.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/sqlite3_3.8.7.1-1+deb8u3.dsc
@@ -1,3 +1,9 @@
+3.8.7.1-1+deb8u3 [Sat, 22 Dec 2018 00:28:43 +0100] Mike Gabriel <sunweaver@debian.org>:
+
+  * Non-maintainer upload by the Debian LTS Team. 
+  * CVE-2018-20346: Add extra defenses against strategically corrupt databases
+    to fts3/4. 
+
 3.8.7.1-1+deb8u2 [Thu, 25 Aug 2016 16:10:24 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>:
 
   * Fix CVE-2016-6153 , Tempdir Selection Vulnerability.

<http://10.200.17.11/4.2-5/#3615057425453591678>

Comment 2 Philipp Hahn

2019-01-03 12:31:28 CET

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] c55143422f Bug #48404: sqlite3 3.8.7.1-1+deb8u3
 doc/errata/staging/sqlite3.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

[4.2-5] 918b95887c Bug #48404: sqlite3 3.8.7.1-1+deb8u3
 doc/errata/staging/sqlite3.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comment 3 Arvid Requate

2019-01-09 14:16:42 CET

<http://errata.software-univention.de/ucs/4.2/574.html>