
Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4



Control: tags -1 confirmed moreinfo

László Böszörményi (GCS):
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi Release Team,
> 
> I would like to upload a security-related update for sqlite3. It contains:
> - Prevent a possible NULL pointer dereference in the OP_Found opcode
> that can follow an OOM error. Problem found by OSS-Fuzz[1],
> - Stack overflow while parsing deeply nested JSON[2],
> - JSON allows unescaped control characters in strings[3],
> - JSON extension accepts invalid numeric values[4].
> 
> Upstream tagged these as 'code defect' and severity 'severe'. The
> changes themselves are small and the 3.19.2-1 version in experimental
> contains these fixes.
> 
> Debdiff is attached. Thanks for consideration.
> 
> Regards,
> Laszlo/GCS
> [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
> [2] https://www.sqlite.org/src/info/981329adeef51011052
> [3] https://www.sqlite.org/src/info/6c9b5514077fed34551
> [4] https://www.sqlite.org/src/info/b93be8729a895a528e2
> 

Ack, please go ahead.  Given the deadlines for migration, ideally this
upload is completed no later than Monday.

Thanks,
~Niels

