Bug#864088: unblock (pre-approval): sqlite3/3.6.12-4
Control: tags -1 - moreinfo
Hi
On Sun, Jun 04, 2017 at 11:20:00AM +0000, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
>
> László Böszörményi (GCS):
> > Package: release.debian.org
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Hi Release Team,
> >
> > I would like to upload a security-related update for sqlite3. It contains:
> > - Prevent a possible NULL pointer dereference in the OP_Found opcode
> > that can follow an OOM error. Problem found by OSS-Fuzz[1],
> > - Stack overflow while parsing deeply nested JSON[2],
> > - JSON allows unescaped control characters in strings[3],
> > - JSON extension accepts invalid numeric values[4].
> >
> > Upstream tagged these as 'code defect' and severity 'severe'. The
> > changes themselves are small and the 3.19.2-1 version in experimental
> > contains these fixes.
> >
> > Debdiff is attached. Thanks for consideration.
> >
> > Regards,
> > Laszlo/GCS
> > [1] http://www.sqlite.org/src/info/c2de178fe7e2e4e0
> > [2] https://www.sqlite.org/src/info/981329adeef51011052
> > [3] https://www.sqlite.org/src/info/6c9b5514077fed34551
> > [4] https://www.sqlite.org/src/info/b93be8729a895a528e2
> >
>
> Ack, please go ahead. Given the deadlines for migration, ideally this
> upload is completed no later than Monday.
Removing the moreinfo tag, since uploaded and built on all release
architectures afaics.
Regards,
Salvatore