[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1018-1] sqlite3 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sqlite3
Version        : 3.7.13-1+deb7u4
CVE ID         : CVE-2017-10989
Debian Bug     : #867618

It was discovered that there was a heap-based buffer over-read vulnerability in
SQLite, a lightweight database engine. The getNodeSize function in
ext/rtree/rtree.c mishandled undersized RTree blobs in a specially-crafted
database,

For Debian 7 "Wheezy", this issue has been fixed in sqlite3 version
3.7.13-1+deb7u4.

We recommend that you upgrade your sqlite3 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllh4+4ACgkQHpU+J9Qx
HlgKmQ/+MZMc/wZyHf/j79ZpuRNfT9zqBelTfoPbsJljo7EWPfRSiHPWCQOSmh/H
GumupH0AXwjYbke50d9fGwnU9caBOfRuLJhFy18ZJ1X5CZBTTKdo/aaU/AcdKObY
IdQkC9c0QsQCnTR8u6taadnXeyk2hB1DR1+VLltrHOdeDo4sv3wDQxKNKqprWESt
oDPiC9+fhw563NQ3UjIMV+ra27BwzVNyPRAroDNvK5xijW8mDFm5jZi2+WoIKAJJ
4PFAvwXEdg2/9yl0+/zmOwB1/XLKz5rqtFrcMhiuF1pHZnZqKBLDIHaEiTg/peRb
6m4uySkn10Hus6nvS72AHE0Il8uqIieUPctJRzzHUw2znQaL9FemH2ajFRjun3Fx
HVoMXEU3DMbCZA5C1kesuf2SfLyMP3iphJh7+oDbH5YPxYa4katK/fqrP1yVymlA
a+TsFRg8glC5rHegotttq2TUIonbGzh/zFSwIqDErNk6+B+pT5ZRAr2ouHpEFRjQ
nvIy695FpZstErt5v1mptWfw2Ngx2R5BlpN8FLOGsE/+vWy/A0oeoOW/T8li5w3j
DRZXS8cjevhTYzzR7NXgBTqIFmuNRoaD1kRIKklobjbRc+MdXrZVJLVW9SR7HeYT
7Hjm6LoUrq/kuOqsDk5fkG1f/v2FzVmRY0k0dwnJ3jjCGMVr5qo=
=cyJg
-----END PGP SIGNATURE-----


Reply to: