#
362190 |
|
15-Jun-2020 |
cy |
MFC r362095, r362145
r362095: MFV r362082:
Update sqlite3 3.31.1 --> 3.32.0.
PR: 247149 Reported by: spam123@bitbert.com Reminded by: emaste Security: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
r362145: MFV r362143:
Update sqlite3 to 3.32.2 (3320200).
CVE-2020-11655: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-13434: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-13435: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVE-2020-13630: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature
CVE-2020-13631: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
CVE-2020-13632: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 ha s a NULL pointer dereference via a crafted matchinfo() query.
PR: 247149 Reported by: spam123@bitbert.com Security: vuxml: c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13632
|
#
361456 |
|
25-May-2020 |
cy |
MFC r360221-r360223
r360221: In preparation for update to sqlite3-3.31.1 (3310100), recommit r357201: MFV r357163, which was reverted by r357522 due to segfault under PowerPc.
Update sqlite3-3.30.1 (3300100) --> sqlite3-3.31.0 (3310000)
r360222: MFV r360158:
Update sqlite3-3.31.0 (3310000) --> sqlite3-3.31.1 (3310100)
Tested by: Mark Millard <marklmi at yahoo.com> With to be committed PowerPC patch
r360223: Fix PowerPC segfault.
The segfault fix was originally developed by our upstream, sqlite.org, to address S/390 and Sparc segfaults, both of which are big endian. Our PowerPC is also big endian, which this patch also fixes.
Reported by: Mark Millard <marklmi at yahoo.com> Tested by: Mark Millard <marklmi at yahoo.com> Obtained from: https://www.sqlite.org/src/vinfo/04885763c4cd00cb?diff=1 https://sqlite.org/forum/forumpost/672291a5b2
|