
[SECURITY] [DLA 3107-1] sqlite3 security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3107-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 13, 2022                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : sqlite3
Version        : 3.27.2-3+deb10u2
CVE IDs        : CVE-2020-35525 CVE-2020-35527 CVE-2021-20223

It was discovered that there were three issues in SQLite:

* CVE-2020-35525: Prevent a potential null pointer dereference issue in
  INTERSECT query processing.

* CVE-2020-35527: Prevent an out-of-bounds access issue that could be
  exploited via ALTER TABLE in views that have a nested FROM clause.

* CVE-2021-20223: Prevent an issue with the "unicode61" tokenizer
  related to Unicode control characters ("class Cc") and embedded NUL
  characters being misinterpreted as tokens.


For Debian 10 buster, these problems have been fixed in version
3.27.2-3+deb10u2.

We recommend that you upgrade your sqlite3 packages.

For the detailed security status of sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sqlite3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
