Reinhard Max 98346ec9c1 - The following CVEs have been fixed in upstream releases up to
this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '\0' input
  * bsc#1160309, CVE-2019-19923: improper handling of certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling of certain
    errors during parsing multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2018-20346, bsc#1119687: remote code execution
    vulnerability in FTS3 (Magellan).

OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
2021-04-01 10:56:15 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=1 2008-01-14 09:18:35 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=1 2008-01-14 09:18:35 +00:00
baselibs.conf OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sqlite3?expand=0&rev=8 2008-05-07 20:09:22 +00:00
sqlite3.changes - The following CVEs have been fixed in upstream releases up to 2021-04-01 10:56:15 +00:00
sqlite3.spec Accepting request 880128 from home:marxin:branches:server:database 2021-03-19 16:18:37 +00:00
sqlite-doc-3350200.zip Accepting request 879748 from home:AndreasStieger:branches:server:database 2021-03-18 08:32:44 +00:00
sqlite-src-3350200.zip Accepting request 879748 from home:AndreasStieger:branches:server:database 2021-03-18 08:32:44 +00:00