Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4
Control: tags -1 confirmed moreinfo
László Böszörményi (GCS):
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi Release Team,
>
> I would like to upload a security-related update for sqlite3. It contains:
> - Prevent a possible NULL pointer dereference in the OP_Found opcode
> that can follow an OOM error. Problem found by OSS-Fuzz[1],
> - Stack overflow while parsing deeply nested JSON[2],
> - JSON allows unescaped control characters in strings[3],
> - JSON extension accepts invalid numeric values[4].
>
> Upstream tagged these as 'code defect' and severity 'severe'. The
> changes themselves are small and the 3.19.2-1 version in experimental
> contains these fixes.
>
> Debdiff is attached. Thanks for consideration.
>
> Regards,
> Laszlo/GCS
> [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
> [2] https://www.sqlite.org/src/info/981329adeef51011052
> [3] https://www.sqlite.org/src/info/6c9b5514077fed34551
> [4] https://www.sqlite.org/src/info/b93be8729a895a528e2
>
Ack, please go ahead. Given the deadlines for migration, ideally this
upload is completed no later than Monday.
Thanks,
~Niels