Bug 48404 – sqlite3: Multiple issues (4.2)

Bug 48404 - sqlite3: Multiple issues (4.2)


Summary:	sqlite3: Multiple issues (4.2)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.2
Hardware:	All Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-5-errata
Assigned To:	Quality Assurance
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-01-03 08:21 CET by Quality Assurance
Modified:	2019-01-09 14:16 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	0.0 () Debian

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2019-01-03 08:21:09 CET

New Debian sqlite3 3.8.7.1-1+deb8u3 fixes:
This update addresses the following issue:
* sqlite3 (CVE-2018-20346)

Comment 1 Quality Assurance

2019-01-03 09:00:24 CET

--- mirror/ftp/4.2/unmaintained/4.2-0/source/sqlite3_3.8.7.1-1+deb8u2.dsc
+++ apt/ucs_4.2-0-errata4.2-5/source/sqlite3_3.8.7.1-1+deb8u3.dsc
@@ -1,3 +1,9 @@
+3.8.7.1-1+deb8u3 [Sat, 22 Dec 2018 00:28:43 +0100] Mike Gabriel <sunweaver@debian.org>:
+
+  * Non-maintainer upload by the Debian LTS Team. 
+  * CVE-2018-20346: Add extra defenses against strategically corrupt databases
+    to fts3/4. 
+
 3.8.7.1-1+deb8u2 [Thu, 25 Aug 2016 16:10:24 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>:
 
   * Fix CVE-2016-6153 , Tempdir Selection Vulnerability.

<http://10.200.17.11/4.2-5/#3615057425453591678>

Comment 2 Philipp Hahn

2019-01-03 12:31:28 CET

OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.2-5] c55143422f Bug #48404: sqlite3 3.8.7.1-1+deb8u3
 doc/errata/staging/sqlite3.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

[4.2-5] 918b95887c Bug #48404: sqlite3 3.8.7.1-1+deb8u3
 doc/errata/staging/sqlite3.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comment 3 Arvid Requate

2019-01-09 14:16:42 CET

<http://errata.software-univention.de/ucs/4.2/574.html>