[SECURITY] [DLA 2203-1] sqlite3 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2203-1] sqlite3 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 05 May 2020 21:32:48 +0100
Message-id: <[🔎] eebb8c85-ee12-4aa5-908b-8b4e802f075e@sloti26t01>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : sqlite3
Version        : 3.8.7.1-1+deb8u5
CVE ID         : CVE-2020-11655

It was discovered that there was a denial of service attack in the
SQLite database, often embedded into other programs and servers.

In the event of a semantic error in an aggregate query, SQLite did
not return early from the "resetAccumulator()" function which would
lead to a crash via a segmentation fault.

For Debian 8 "Jessie", this issue has been fixed in sqlite3 version
3.8.7.1-1+deb8u5.

We recommend that you upgrade your sqlite3 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl6xzDkACgkQHpU+J9Qx
Hlg0yxAAxtGVrOHs5KLHzkABNV4DR/r6TkFd1kioWNUgBT+QJNaZg+JXaXUTeT7E
r1GC/pJaTur9852AOQ9lkF4e+JBGeudiTAEWoceTAKZrT6htCvG0wNuUHElNvNMG
RTT/tNA6UCKH0OBuvqO7nRPJS7F9gkT1IfQefqDPb94V4CYo1IPDZ1cz+s87N+wk
gudln5rCdyoEROsc68q5hcus6qDJTD9bURxV028JnLO95ObnkkLGLCH58FhqID5c
zk7Z9F0w2HNIXcFr90izjHBLaZazDP8nuR6/pEPgT9rMk/HCwLONSjsGwzTRIoLk
IV3j9MHwsnJw16h4ytgqc8T2kzbYOkPCKqGgZXZ+XWZLUUeAwmdIEEMEXclTNx2o
KsEJkqSiurutYufFojaxlip3Qgpsxj93g0PiivO6qQ9iK3zXPFREtb2kDfxvVHmj
BL7Un/fhVs39ItahSZUQFnxFzz4pC3L2rF6tnqZAhZBSjouSpdv5hd0lqOPn2MeD
8fTkBoCuuQ2XeKqtQHPxLz/jLnGJxZquFO9iyRBINOWUctZ437j2ny2UNRs1Kbfq
3IAv1u0mZ7Ocn9zA+e6Q/3B5vN9hD2R0VKeNO0KvatvJjI2J2Fw2CBDi7XWNayYj
0zNk0q9O1Mb8BE9JqhmJi6CXBDZAQCi0Ftgq6mel9Z2Aev2U69M=
=NKm0
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2202-1] ansible security update
Next by Date: [SECURITY] [DLA 2204-1] mailman security update
Previous by thread: [SECURITY] [DLA 2202-1] ansible security update
Next by thread: [SECURITY] [DLA 2204-1] mailman security update
Index(es):
- Date
- Thread