Cross Reference: /freebsd-11-stable/contrib/sqlite3/tea/generic/tclsqlite3.c

History log of /freebsd-11-stable/contrib/sqlite3/tea/generic/tclsqlite3.c
Revision	Date	Author	Comments
# 362190	15-Jun-2020	cy	MFC r362095, r362145 r362095: MFV r362082: Update sqlite3 3.31.1 --> 3.32.0. PR: 247149 Reported by: spam123@bitbert.com Reminded by: emaste Security: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632 r362145: MFV r362143: Update sqlite3 to 3.32.2 (3320200). CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a NULL pointer dereference via a crafted matchinfo() query. PR: 247149 Reported by: spam123@bitbert.com Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632
# 361456	25-May-2020	cy	MFC r360221-r360223 r360221: In preparation for update to sqlite3-3.31.1 (3310100), recommit r357201: MFV r357163, which was reverted by r357522 due to segfault under PowerPc. Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000) r360222: MFV r360158: Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100) Tested by: Mark Millard <marklmi at yahoo.com> With to be committed PowerPC patch r360223: Fix PowerPC segfault. The segfault fix was originally developed by our upstream, sqlite.org, to address S/390 and Sparc segfaults, both of which are big endian. Our PowerPC is also big endian, which this patch also fixes. Reported by: Mark Millard <marklmi at yahoo.com> Tested by: Mark Millard <marklmi at yahoo.com> Obtained from: https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1 https://sqlite.org/forum/forumpost/672291a5b2
# 355326	03-Dec-2019	cy	MFC r354269: MFV r354257: Update sqlite3-3.29.0 (3290000) --> sqlite3-3.30.1 (3300100)
# 347347	08-May-2019	cy	MFC r347139: MFV r347136: Update sqlite3-3.27.2 (3270200) --> sqlite3-3.28.0 (3280000) Security: CVE-2019-9937, CVE-2019-9936
# 346442	20-Apr-2019	cy	MFC r345996: Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)
# 322444	12-Aug-2017	peter	MFC: r322386 Update private sqlite3-3.14.1 to sqlite3-3.20.0.