diff --git a/sqlite3.changes b/sqlite3.changes index c8a1060..ecaa04a 100644 --- a/sqlite3.changes +++ b/sqlite3.changes @@ -46,14 +46,6 @@ Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names - * bsc#1155787, CVE-2017-2518: A use-after-free bug in the query - optimizer may cause a buffer overflow and application crash via - a crafted SQL statement. - * bsc#1136976, CVE-2019-8457: heap out-of-bound read in the - rtreenode() function when handling invalid rtree tables. - * bsc#1132045, CVE-2017-10989: getNodeSize function in - ext/rtree/rtree.c issues - * bsc#987394, CVE-2016-6153: Fix Tempdir Selection Vulnerability - Fix build on SLE-12 and remove the following patches from there which are all upstream: @@ -61,11 +53,15 @@ Tue Apr 6 14:57:30 UTC 2021 - Reinhard Max * sqlite3-CVE-2017-2518.patch, * sqlite3-CVE-2018-20346.patch, * sqlite3-CVE-2018-8740.patch, - * sqlite3-CVE-2019-16168.patch (bsc#1019518), + * sqlite3-CVE-2019-16168.patch, * sqlite3-CVE-2019-8457.patch, * sqlite3-journal-file.patch, - * sqlite3-xFetch-null.patch (bsc#1025034), + * sqlite3-xFetch-null.patch, * sqlite3-CVE-2016-6153.patch + * The addition of these patches was also merged into the history + of Factory for log consistency reasons although they never + existed there, because Factory was always updated to a fixed + version instead of adding a patch. ------------------------------------------------------------------- Sat Apr 3 06:51:48 UTC 2021 - Andreas Stieger 
@@ -184,7 +180,7 @@ Wed Dec 2 09:08:39 UTC 2020 - Reinhard Max current transaction state of the database connection. * Enhance recursive common table expressions to support two or more recursive terms as is done by SQL Server, since this helps make - queries against graphs easier to write and faster to execute.\ + queries against graphs easier to write and faster to execute. * Improved error messages on CHECK constraint failures. * The .read dot-command now accepts a pipeline in addition to a filename. @@ -341,6 +337,13 @@ Fri Jan 17 14:29:39 UTC 2020 - Stefan Brüns function, exposed when running testsuite on i586: + sqlite3-avoid-truncation-error.patch +------------------------------------------------------------------- +Wed Nov 6 12:33:37 UTC 2019 - Reinhard Max + +- bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch: + A use-after-free bug in the query optimizer may cause a buffer + overflow and application crash via a crafted SQL statement. + ------------------------------------------------------------------- Fri Oct 11 15:05:00 UTC 2019 - Andreas Stieger @@ -409,6 +412,13 @@ Thu Jul 11 08:59:55 UTC 2019 - Ismail Dönmez + Add the long-standing ".testctrl" command to the ".help" menu. + Added the ".dbconfig" command +------------------------------------------------------------------- +Wed Jun 12 13:18:28 UTC 2019 - Reinhard Max + +- CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch: heap + out-of-bound read in the rtreenode() function when handling + invalid rtree tables. + ------------------------------------------------------------------- Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max 
@@ -426,6 +436,21 @@ Thu Apr 18 13:52:28 UTC 2019 - Reinhard Max * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. +------------------------------------------------------------------- +Wed Apr 17 15:39:30 UTC 2019 - Reinhard Max + +- CVE-2017-10989, bsc#1132045, sqlite3-CVE-2017-10989.patch: + getNodeSize function in ext/rtree/rtree.c issues +- CVE-2018-8740, bsc#1085790, sqlite3-CVE-2018-8740.patch: + Databases whose schema is corrupted using a CREATE TABLE AS + statement could cause a NULL pointer dereference. + +------------------------------------------------------------------- +Fri Mar 15 12:54:22 UTC 2019 - Reinhard Max + +- CVE-2018-20346, bsc#1119687, sqlite3-CVE-2018-20346.patch: + Fix remote code execution vulnerability in FTS3 (Magellan). + ------------------------------------------------------------------- Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger @@ -791,6 +816,12 @@ Mon May 22 18:47:42 UTC 2017 - idonmez@suse.com to avoid excess stack usage in the recursive descent parser. Fix for ticket 981329adeef51011052. +------------------------------------------------------------------- +Tue Apr 4 12:46:31 UTC 2017 - max@suse.com + +- Avoid calling sqlite3OsFetch() on a file-handle for which the + xFetch method is NULL (bsc#1025034, sqlite3-xFetch-null.patch). + ------------------------------------------------------------------- Fri Mar 31 12:03:54 UTC 2017 - idonmez@suse.com @@ -887,6 +918,12 @@ Tue Feb 14 09:19:28 UTC 2017 - idonmez@suse.com * Ensure that the sqlite3_blob_reopen() interface can correctly handle short rows. Fix for ticket e6e962d6b0f06f46e. +------------------------------------------------------------------- +Mon Jan 16 13:08:11 UTC 2017 - max@suse.com + +- Fix a segfault in the in-memory journal logic (bsc#1019518, + sqlite3-journal-file.patch). + ------------------------------------------------------------------- Sat Jan 7 16:44:32 UTC 2017 - mpluskal@suse.com 
@@ -1094,6 +1131,12 @@ Tue Aug 2 11:00:30 UTC 2016 - tchvatal@suse.com - Reduce the conditions a bit and sort with spec-cleaner - Remove condition for old sle10 ppc machines +------------------------------------------------------------------- +Tue Jul 5 15:51:09 UTC 2016 - max@suse.com + +- Fix Tempdir Selection Vulnerability (bsc#987394, CVE-2016-6153, + sqlite3-CVE-2016-6153.patch). + ------------------------------------------------------------------- Wed May 18 19:43:17 UTC 2016 - idonmez@suse.com
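Review bot: In the first hunk (@@ -46,14 +46,6 @@) the Apr 6 2021 entry ends up listing only part of its security references: the four bullets for CVE-2017-2518, CVE-2019-8457, CVE-2017-10989 and CVE-2016-6153 are removed, while the "bsc#928700, CVE-2015-3414" bullet directly above them stays. Nothing in the entry says why one reference remains and the others move, and a reader who looks only at the newest entry no longer sees those four bsc/CVE numbers. Either state the criterion in the entry or leave a one-line pointer to the backdated entries that now carry them.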
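Review bot: In the second hunk (@@ -61,11 +53,15 @@), sqlite3-CVE-2019-16168.patch loses its "(bsc#1019518)" annotation, and none of the history entries added further down in this diff mentions that patch or gives it a bug reference. bsc#1019518 reappears on sqlite3-journal-file.patch in the Jan 16 2017 entry, so the old annotation looks misplaced rather than dropped, but that leaves CVE-2019-16168 as the only patch in the visible list with no dated entry added here. Please confirm an entry for it already exists in the history, or add one, since the new note says the addition of "these patches" was merged into the history. Separately, that note is written as a "*" bullet at the same level as the patch file names, so it reads as one more list item; a separate "-" item or an unbulleted paragraph after the list would be clearer.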
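Review bot: In the hunk adding the Jun 12 2019 entry (@@ -409,6 +412,13 @@), the reference order is "CVE-2019-8457, bsc#1136976, sqlite3-CVE-2019-8457.patch:", whereas the Nov 6 2019 entry added in the previous hunk uses "bsc#1155787, CVE-2017-2518, sqlite3-CVE-2017-2518.patch:" and the 2016 and 2017 entries added later put the references in trailing parentheses. Since all of these entries are written in one commit, pick one order for the bsc, CVE and patch-name fields so that the backdated entries are uniform and easier to grep.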
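Review bot: In the hunk adding the Apr 17 2019 entry (@@ -426,6 +436,21 @@), the CVE-2017-10989 description "getNodeSize function in ext/rtree/rtree.c issues" does not say what the defect is or what it leads to. Every other entry added in this diff names the bug class and its effect (use-after-free, heap out-of-bound read, NULL pointer dereference, segfault). Since the text is being moved out of the Apr 6 2021 entry anyway, this is the place to replace "issues" with the actual bug class and impact from the bug report.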