#
369951 |
|
06-Jun-2021 |
cy |
sqlite3: import sqlite3 3.35.5
Merge commit '0511e356f5e2106928ee352ee974d1470c860a9a' into new_merge
Changes at https://www.sqlite.org/releaselog/3_35_5.html.
MFC after: 1 month
(cherry picked from commit ce9de47260d4edc963a94140789e4a52642c28e6)
Git Hash: d9d03b5409f32668a71468975d944ac1015e878b Git Author: cy@FreeBSD.org
|
#
362190 |
|
15-Jun-2020 |
cy |
MFC r362095, r362145
r362095: MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.
PR: 247149 Reported by: spam123@bitbert.com Reminded by: emaste Security: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
r362145: MFV r362143:
Update sqlite3 to 3.32.2 (3320200).
CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a NULL pointer dereference via a crafted matchinfo() query.
PR: 247149 Reported by: spam123@bitbert.com Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632
|
#
361456 |
|
25-May-2020 |
cy |
MFC r360221-r360223
r360221: In preparation for update to sqlite3-3.31.1 (3310100), recommit r357201: MFV r357163, which was reverted by r357522 due to segfault under PowerPc.
Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)
r360222: MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)
Tested by: Mark Millard <marklmi at yahoo.com> With to be committed PowerPC patch
r360223: Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org, to address S/390 and Sparc segfaults, both of which are big endian. Our PowerPC is also big endian, which this patch also fixes.
Reported by: Mark Millard <marklmi at yahoo.com> Tested by: Mark Millard <marklmi at yahoo.com> Obtained from: https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1 https://sqlite.org/forum/forumpost/672291a5b2
|
#
355326 |
|
03-Dec-2019 |
cy |
MFC r354269:
MFV r354257:
Update sqlite3-3.29.0 (3290000) --> sqlite3-3.30.1 (3300100)
|
#
347347 |
|
08-May-2019 |
cy |
MFC r347139:
MFV r347136: Update sqlite3-3.27.2 (3270200) --> sqlite3-3.28.0 (3280000)
Security: CVE-2019-9937, CVE-2019-9936
|
#
346442 |
|
20-Apr-2019 |
cy |
MFC r345996:
Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)
|
#
342292 |
|
21-Dec-2018 |
cy |
MFC r333352 & r342183:
r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1 r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)
PR: 234113 Security: https://blade.tencent.com/magellan/index_en.html No known CVE was apparently registered.
|
#
322444 |
|
12-Aug-2017 |
peter |
MFC: r322386 Update private sqlite3-3.14.1 to sqlite3-3.20.0.
|
#
305002 |
|
29-Aug-2016 |
cy |
MFC r304747:
Update from sqlite3-3.12.1 (3120100) to sqlite3-3.14.1 (3140100).
This commit addresses the tmpdir selection vulnerability fixed in sqlite3-1.13.0. See VuXML entry 546deeea-3fc6-11e6-a671-60a44ce6887b.
Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b Security: CVE-2016-6153
|