[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Incomplete fix for CVE-2019-20218/sqlite3

Hi Moritz,

> CVE-2019-20218 isn't fixed in Stretch/LTS. Running the reproducer:

Thanks for this. With my FD hat on, I've just re-added it to
dla-needed.txt, and here is the relevant debian/changelog entry (lines

   1 sqlite3 (3.16.2-5+deb9u2) stretch-security; urgency=high
   3   * Non-maintainer upload by the LTS Team.
   4   * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS
   5     statement could cause a NULL pointer dereference.
   6   * CVE-2018-20346, CVE-2018-20506: Add extra defenses against strategically
   7     corrupt databases to fts3/4.
   8   * CVE-2019-5827: Integer overflow allowed a remote attacker to potentially
   9     exploit heap corruption via a crafted HTML page, primarily impacting
  10     chromium.
  11   * CVE-2019-9936: Potential information leak when running fts5 prefix queries
  12     inside a transaction, which could trigger a heap-based buffer over-read.
  13   * CVE-2019-9937: interleaving reads and writes in a single transaction with
  14     an fts5 virtual table will lead to a NULL Pointer Dereference
  15   * CVE-2019-16168: Missing validation resulting in a potential division by
  16     zero, which can crash a browser or other application
  17   * CVE-2019-20218: Do not attempt to unwind the WITH stack in the event of a
  18     parse error
  19   * CVE-2020-13630: Fix use-after-free in fts3EvalNextRow, related to the
  20     snippet feature
  21   * CVE-2020-13632: Fix NULL pointer dereference via a crafted matchinfo()
  22     query
  23   * CVE-2020-13871: Fix use-after-free in resetAccumulator in select.c
  24   * CVE-2020-11655: Fix denial of service resulting from segmentation fault
  25     via a malformed window-function query.
  26   * CVE-2020-13434: Fix integer overflow in sqlite3_str_vappendf.
  28  -- Roberto C. Sanchez <roberto@debian.org>  Tue, 04 Aug 2020 19:07:43 -0400

Roberto, can you follow-up on this?


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: