Univention Bugzilla – Full Text Bug Listing |
Summary: | sqlite3: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 3.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L) |
Description
Philipp Hahn
2019-01-14 12:13:59 CET
--- mirror/ftp/4.2/unmaintained/component/4.2-5-errata/source/sqlite3_3.8.7.1-1+deb8u3.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/sqlite3_3.8.7.1-1+deb8u4.dsc @@ -1,6 +1,23 @@ +3.8.7.1-1+deb8u4 [Fri, 11 Jan 2019 14:43:33 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS + statement could cause a NULL pointer dereference. + * CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that + was not large enough to hold the complete string plus zero terminator when + the input was a zeroblob. This could lead to arbitrary code execution or a + denial-of-service. + * CVE-2017-2519: Insufficient size of the reference count on Table objects + could lead to a denial-of-service or arbitrary code execution. + * CVE-2017-2518: A use-after-free bug in the query optimizer may cause a + buffer overflow and application crash via a crafted SQL statement. + * CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted + database leading to a heap-based buffer over-read or possibly unspecified + other impact. + 3.8.7.1-1+deb8u3 [Sat, 22 Dec 2018 00:28:43 +0100] Mike Gabriel <sunweaver@debian.org>: - * Non-maintainer upload by the Debian LTS Team. + * Non-maintainer upload by the Debian LTS Team. * CVE-2018-20346: Add extra defenses against strategically corrupt databases - to fts3/4. + to fts3/4. <http://10.200.17.11/4.2-5/#3615057425446014003> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 48e1b13fd1 Bug #48455: sqlite3_3.8.7.1-1+deb8u4 doc/errata/staging/sqlite3.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) |