- The following CVEs have been fixed in upstream releases up to

this point, but were not mentioned in the chane log so far: * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization * bsc#1164719, CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error * bsc#1160438, CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '＼0' input * bsc#1160309, CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference * bsc#1159850, CVE-2019-19924: improper error handling in sqlite3WindowRewrite() * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive * bsc#1159715, CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names * CVE-2018-20346, bsc#1119687: remote code execution vulnerability in FTS3 (Magellan). OBS-URL: https://build.opensuse.org/package/show/server:database/sqlite3?expand=0&rev=261
2021-04-01 10:56:15 +00:00 · 2021-04-01 10:56:15 +00:00 · 98346ec9c1
commit 98346ec9c1
parent fa38ede2d7
1 changed files with 49 additions and 0 deletions
--- a/sqlite3.changes
+++ b/sqlite3.changes
@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Thu Apr  1 10:27:58 UTC 2021 - Reinhard Max <max@suse.com>
+
+- The following CVEs have been fixed in upstream releases up to
+  this point, but were not mentioned in the chane log so far:
+  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
+    multiSelectOrderBy due to mishandling of query-flattener
+    optimization
+  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
+    segmentation fault because of generated column optimizations in
+    isAuxiliaryVtabOperator
+  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
+    with WITH stack unwinding even after a parsing error
+  * bsc#1160438, CVE-2019-19959: memory-management error via
+    ext/misc/zipfile.c involving embedded '＼0' input
+  * bsc#1160309, CVE-2019-19923: improper handling  of  certain uses
+    of SELECT DISTINCT in flattenSubquery may lead to null pointer
+    dereference
+  * bsc#1159850, CVE-2019-19924: improper error handling in
+    sqlite3WindowRewrite()
+  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
+    during an update of a ZIP archive
+  * bsc#1159715, CVE-2019-19926: improper handling  of certain
+    errors during parsing  multiSelect in select.c
+  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
+    allows attackers to trigger an invalid pointer dereference
+  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
+    and CREATE VIEW statements, does not consider confusion with
+    a shadow table name
+  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
+    integrity_check PRAGMA command in certain cases of generated
+    columns
+  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
+    infinite recursion via certain types of self-referential views
+    in conjunction with ALTER TABLE statements
+  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
+    from the colUsed bitmask in the case of a generated column,
+    which allows attackers to cause a denial of service
+  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
+    function sqlite3Select in select.c allows a crash if a
+    sub-select uses both DISTINCT and window functions, and also
+    has certain ORDER BY usage
+  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
+    vulnerability
+  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
+    collation-sequence names
+
 -------------------------------------------------------------------
 Fri Mar 19 14:53:04 UTC 2021 - Martin Liška <mliska@suse.cz>

@ -334,6 +381,8 @@ Sun Mar 10 17:37:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
    of the SQLite library itself
  * Increased robustness against malicious SQL that is run against
    a maliciously corrupted database
+  * CVE-2018-20346, bsc#1119687: remote code execution
+    vulnerability in FTS3 (Magellan).
 - drop sqlite3-btree02-100.patch
  
 -------------------------------------------------------------------