[SECURITY] [DLA 1018-1] sqlite3 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : sqlite3
Version : 3.7.13-1+deb7u4
CVE ID : CVE-2017-10989
Debian Bug : #867618
It was discovered that there was a heap-based buffer over-read vulnerability in
SQLite, a lightweight database engine. The getNodeSize function in
ext/rtree/rtree.c mishandled undersized RTree blobs in a specially-crafted
database,
For Debian 7 "Wheezy", this issue has been fixed in sqlite3 version
3.7.13-1+deb7u4.
We recommend that you upgrade your sqlite3 packages.
Regards,
- --
,''`.
: :' : Chris Lamb, Debian Project Leader
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllh4+4ACgkQHpU+J9Qx
HlgKmQ/+MZMc/wZyHf/j79ZpuRNfT9zqBelTfoPbsJljo7EWPfRSiHPWCQOSmh/H
GumupH0AXwjYbke50d9fGwnU9caBOfRuLJhFy18ZJ1X5CZBTTKdo/aaU/AcdKObY
IdQkC9c0QsQCnTR8u6taadnXeyk2hB1DR1+VLltrHOdeDo4sv3wDQxKNKqprWESt
oDPiC9+fhw563NQ3UjIMV+ra27BwzVNyPRAroDNvK5xijW8mDFm5jZi2+WoIKAJJ
4PFAvwXEdg2/9yl0+/zmOwB1/XLKz5rqtFrcMhiuF1pHZnZqKBLDIHaEiTg/peRb
6m4uySkn10Hus6nvS72AHE0Il8uqIieUPctJRzzHUw2znQaL9FemH2ajFRjun3Fx
HVoMXEU3DMbCZA5C1kesuf2SfLyMP3iphJh7+oDbH5YPxYa4katK/fqrP1yVymlA
a+TsFRg8glC5rHegotttq2TUIonbGzh/zFSwIqDErNk6+B+pT5ZRAr2ouHpEFRjQ
nvIy695FpZstErt5v1mptWfw2Ngx2R5BlpN8FLOGsE/+vWy/A0oeoOW/T8li5w3j
DRZXS8cjevhTYzzR7NXgBTqIFmuNRoaD1kRIKklobjbRc+MdXrZVJLVW9SR7HeYT
7Hjm6LoUrq/kuOqsDk5fkG1f/v2FzVmRY0k0dwnJ3jjCGMVr5qo=
=cyJg
-----END PGP SIGNATURE-----
Reply to: